How does HTTPS provide security?

Posted 2024-09-28 06:44:27 · 66 characters · 2 views · 0 comments

I want to know how HTTPS is implemented. Is the data encrypted, or is the path (through which the data is passed) encrypted? I will be thankful if someone provides me with implementation details.


Comments (5)

Very simply, HTTPS uses Secure Socket Layer to encrypt data that is transferred between client and server. SSL uses the RSA algorithm https://en.wikipedia.org/wiki/RSA_(cryptosystem), an asymmetric encryption technology. The precise details of how the algorithm works are complex, but basically it leverages the fact that whilst multiplying two large prime numbers together is easy, factoring the result back into the constituent primes is very, very hard. How all SSL/RSA encryption works is:

The server generates two large prime numbers, and multiplies them together. This is called the "public key". This key is made available to any client which wishes to transmit data securely to the server. The client uses this "public key" to encrypt data it wishes to send. Now because this is an asymmetric algorithm, the public key cannot be used to decrypt the transmitted data, only encrypt it. In order to decrypt, you need the original prime numbers, and only the server has these (the "private key"). On receiving the encrypted data, the server uses its private key to decrypt the transmission.

In the case of you browsing the web, your browser gives the server its public key. The server uses this key to encrypt data to be sent to your browser, which then uses its private key to decrypt.

So yes, all data transmitted to/from the server over HTTPS is encrypted - and encrypted well. Typical SSL implementations use 128 or 256 digits for their keys. To break this you need a truly vast amount of computing resources.

As far as I am aware the request for a server asset is not encrypted - use httpfox https://addons.mozilla.org/en-US/firefox/addon/6647/ or Wireshark http://www.wireshark.org/ or something to confirm.

睫毛上残留的泪 2024-10-05 06:44:27

In two ways.

  1. By ensuring that all information transmitted between you and the website is encrypted. It does this via a key-exchange process using RSA (which exchanges a 'session key', which is used for the actual encryption).

  2. By (trying to) demonstrate trust in the website you visit. Certificates are provided to domains, and the idea is that on your machine you trust only certificates from various reputable sources. Then, you can (in theory) be assured that when a certificate pops up for "Your Bank", it is really "Your Bank" website, and not some other website. In practice, very few people care/notice this aspect of SSL.

It's transport layer security. It is not application level. You still need to follow secure coding practices and various other techniques to ensure that your site is secure.

满意归宿 2024-10-05 06:44:27
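The two points above, encryption of everything inside the tunnel and certificate-based trust in the site, can be watched together in a few lines of Go. The program below is an added example and not the answerer's code. It uses only the standard library: it generates a hypothetical self-signed certificate for 127.0.0.1 (standing in for the CA-issued certificate a real site would present), starts a TLS server on loopback, and connects two clients to it. The first client has the certificate in its root pool and sends a constructed HTTP request line, path included, through the connection; the second has an empty root pool, the equivalent of a browser that does not know the issuer, and is rejected before any request is sent.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Constructed request the client sends inside the tunnel; the path and
// query string are part of the protected payload, not visible on the wire.
const request = "GET /account/statement?id=42 HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"

// selfSignedCert builds a hypothetical self-signed server certificate for
// 127.0.0.1. It stands in for the CA-issued certificate a real site presents.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Your Bank (hypothetical)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// Exchange starts a TLS server on loopback and connects one client to it.
// trustServer decides whether the client's root store contains the server
// certificate. It returns the negotiated protocol version and the server's
// echo of the request, or the handshake error.
func Exchange(trustServer bool) (uint16, string, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return 0, "", err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return 0, "", err
	}
	defer ln.Close()

	// Server side: read one request, echo it back, close (sends close_notify).
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		buf := make([]byte, 4096)
		n, err := conn.Read(buf)
		if err != nil {
			return
		}
		conn.Write(append([]byte("echo: "), buf[:n]...))
	}()

	// Client side: verification uses only the roots in this pool, so an
	// empty pool models a browser that does not trust the issuer.
	roots := x509.NewCertPool()
	if trustServer {
		roots.AddCert(leaf)
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
	})
	if err != nil {
		return 0, "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(request)); err != nil {
		return 0, "", err
	}
	reply, err := io.ReadAll(conn)
	if err != nil {
		return 0, "", err
	}
	return conn.ConnectionState().Version, string(reply), nil
}

func main() {
	ver, reply, err := Exchange(true)
	fmt.Printf("trusted client: version=%#x err=%v\n%s", ver, err, reply)
	_, _, err = Exchange(false)
	var unknown x509.UnknownAuthorityError
	fmt.Printf("untrusted client: unknown authority=%v (%v)\n", errors.As(err, &unknown), err)
}
```

With `go run`, the first call completes a TLS 1.2 or 1.3 handshake and gets the request echoed back; the second fails with an x509.UnknownAuthorityError, the condition a browser reports as an untrusted-certificate warning. A packet capture on the loopback interface would show the IP addresses, the port and the TLS records, but not the request line inside them.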

I thought this was a really concise human-readable explanation:
http://robertheaton.com/2014/03/27/how-does-https-actually-work/

Here is my summarised version:

Concepts:

  • Asymmetric cryptography algorithm – Public key encryption, private key decryption.
  • Symmetric cryptography algorithm – Public key encryption and decryption.

Handshake:

  1. Hello – Client sends the cryptography algorithm and the SSL version it supports.
  2. Certificate Exchange – Server sends a certificate to identify itself, and the certificate's public key.
  3. Key Exchange – The client uses the certificate public key to encrypt a new client-regenerated public key (using the agreed asymmetric cryptography algorithm from step 1) and sends it to the server. The server decrypts it using its private key (using the asymmetric cryptography algorithm).
  4. Data Exchange – This public key is now known by both client and server. It is used for subsequent requests/responses for both encryption and decryption on both client and server (symmetric cryptography algorithm).

独﹏钓一江月 2024-10-05 06:44:27
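The handshake summarised above, like the RSA description in the first answer, is RSA key transport: the value the client encrypts under the certificate's public key is a random symmetric session key, and everything after that is symmetric. This is the shape TLS up to 1.2 used with RSA cipher suites; TLS 1.3 replaced it with an ephemeral (EC)DHE exchange so that a later compromise of the server key does not expose old traffic. The Go program below is an added example, not code from the linked post or the answer. It walks steps 2 to 4 with the standard library only: RSA-OAEP carries a 256-bit session key, AES-256-GCM protects the records, and a tampered record is shown to be rejected. Step 1 is omitted, since it is just the list of algorithms the client offers; the type and label names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the RSA ciphertext to its purpose (hypothetical label).
var oaepLabel = []byte("session-key")

// server owns the long-term key pair; its public half is what the
// certificate in step 2 carries.
type server struct {
	priv       *rsa.PrivateKey
	sessionKey []byte
}

// client knows only the server's public key after step 2.
type client struct {
	serverPub  *rsa.PublicKey
	sessionKey []byte
}

func newServer() (*server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &server{priv: priv}, nil
}

// Step 3 (client): draw a random 256-bit session key and encrypt it to the
// server's public key with RSA-OAEP. Only the private key can recover it.
func (c *client) keyExchange() ([]byte, error) {
	c.sessionKey = make([]byte, 32)
	if _, err := rand.Read(c.sessionKey); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, c.serverPub, c.sessionKey, oaepLabel)
}

// Step 3 (server): decrypt the session key with the private key.
func (s *server) acceptKey(encKey []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, encKey, oaepLabel)
	if err != nil {
		return err
	}
	s.sessionKey = key
	return nil
}

// Step 4: records are protected with AES-256-GCM under the session key.
// GCM also authenticates, so a modified record fails to open. A random
// nonce per record is used here; TLS derives nonces from sequence numbers.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

// Run performs steps 2 to 4 and returns the request as the server decrypted
// it, the response as the client decrypted it, and whether a tampered
// record was rejected.
func Run() (string, string, bool, error) {
	srv, err := newServer()
	if err != nil {
		return "", "", false, err
	}
	cl := &client{serverPub: &srv.priv.PublicKey} // step 2: public key from the certificate

	encKey, err := cl.keyExchange() // step 3, client -> server
	if err != nil {
		return "", "", false, err
	}
	if err := srv.acceptKey(encKey); err != nil {
		return "", "", false, err
	}

	// Step 4: constructed request and response travel as sealed records.
	reqRec, err := seal(cl.sessionKey, []byte("GET /account HTTP/1.1"))
	if err != nil {
		return "", "", false, err
	}
	req, err := open(srv.sessionKey, reqRec)
	if err != nil {
		return "", "", false, err
	}
	respRec, err := seal(srv.sessionKey, []byte("HTTP/1.1 200 OK"))
	if err != nil {
		return "", "", false, err
	}
	resp, err := open(cl.sessionKey, respRec)
	if err != nil {
		return "", "", false, err
	}

	// An on-path attacker flips one bit of the request record in transit.
	tampered := append([]byte(nil), reqRec...)
	tampered[len(tampered)-1] ^= 0x01
	_, tamperErr := open(srv.sessionKey, tampered)
	return string(req), string(resp), tamperErr != nil, nil
}

func main() {
	req, resp, rejected, err := Run()
	fmt.Printf("server saw: %q\nclient saw: %q\ntampered record rejected: %v (err=%v)\n", req, resp, rejected, err)
}
```

Both sides end up with the same 32-byte key without it ever crossing the wire in the clear, and the request line (path included) is only readable once the record is opened with that key.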

You can read all the details in the TLSv1 RFC 2246.

For security analysis, specifically the following section:

F. Security analysis

The TLS protocol is designed to establish a secure connection between
a client and a server communicating over an insecure channel. This
document makes several traditional assumptions, including that
attackers have substantial computational resources and cannot obtain
secret information from sources outside the protocol. Attackers are
assumed to have the ability to capture, modify, delete, replay, and
otherwise tamper with messages sent over the communication channel.
This appendix outlines how TLS has been designed to resist a variety
of attacks.

further content snipped

梦途 2024-10-05 06:44:27

Server and client do not have control over the path that is used to transmit the data. The path used is a matter for the network layer (Internet Protocol - IP), not for Transport Layer Security (TLS).

The data itself is encrypted, and there are also means for checking server authenticity, as mentioned by Noon Silk.

http://en.wikipedia.org/wiki/Transport_Layer_Security
