Information security public welfare publicity, information security knowledge enlightenment.
Add WeChat group reply to public account: WeChat Group; QQ group: 16004488
Joining the WeChat group or QQ group can get: Learning Tutorials

Cryptography is widely used in computer science, and HTTPS is a secure communication protocol built on the foundation of cryptography. HTTPS was first proposed by Netscape in 1994, and today, with the promotion of many internet companies, HTTPS has been widely used on various websites of all sizes. Before fully understanding HTTPS, it is necessary to clarify some cryptographic concepts, such as: plaintext, ciphertext, cipher, key, symmetric encryption, asymmetric encryption, hash, digital signature, digital certificate.
Cipher
The cipher in cryptography is different from the password we talk about in daily life. The computer term ‘cipher’ is an algorithm used for encryption or decryption, while the ‘password’ we use daily is a set of text strings used for authentication. Here we will discuss the former: cipher.
Key
A key is a parameter that is input during the process of using the cipher algorithm. The same plaintext will produce different ciphertext under the same cipher algorithm and different keys. Many well-known cipher algorithms are public, and the key is the important parameter that determines the security of the ciphertext. Generally, the longer the key, the harder it is to crack. For example, an 8-bit key has a maximum of 256 possibilities, and using brute force, it can be easily cracked. The well-known DES algorithm uses a 56-bit key, which is no longer considered a secure encryption algorithm, mainly because the 56-bit key is too short and can be cracked within hours. Keys are divided into symmetric keys and asymmetric keys.
Plaintext/Ciphertext
Plaintext is the original data before encryption, while ciphertext is the result obtained after cipher operations, known as ciphertext.

Symmetric Key
A symmetric key (Symmetric-key algorithm) is also known as shared key encryption. The same key is used for both encryption and decryption. Common symmetric encryption algorithms include DES, 3DES, AES, RC5, and RC6. The advantage of symmetric keys is that they are fast in computation, but they also have disadvantages. The key needs to be shared between the two communication ends so that both parties know the key for correct decryption. If all clients share the same key, this key becomes like a master key, capable of decrypting everyone’s ciphertext. If each client maintains a separate key with the server, the server would need to manage thousands of keys, which would be a nightmare. Below is a simple symmetric encryption that encrypts plaintext into ASCII.
# Encryption method: based on ASCII + key value
def encipher(plain_text, key):
# Encrypt
cipher_text = []
for c in plain_text:
cipher_text.append(str(ord(c) + key))
return ' '.join(cipher_text)
def decipher(cipher_text, key):
# Decrypt
plain_text = []
for c in cipher_text.split(" "):
plain_text.append(chr(int(c)+key))
return "".join(plain_text)
if __name__ == '__main__':
print "cipher_text:", encipher("abcdef", 0)
print "plain_text:", decipher("97 98 99 100 101 102", 0)
Asymmetric Key
An asymmetric key (public-key cryptography), also known as public key encryption, is where the server generates a pair of keys: one private key is kept on the server and known only to itself, while the other is a public key that can be freely distributed for anyone to use. The plaintext from the client is encrypted with the public key and needs to be decrypted with the private key. In asymmetric key encryption, different keys are used for encryption and decryption, which is why it is called asymmetric encryption. Compared to symmetric encryption, asymmetric encryption does not require sharing a key between the client and server. As long as the private key is not given to any user, even if the public key is intercepted online, it cannot be decrypted. Only a stolen public key is useless. Common asymmetric encryption includes RSA, and the process of asymmetric encryption and decryption is as follows:
The server generates a pair of public and private keys.
The private key is kept on the server, and the public key is sent to the client.
The client uses the public key to encrypt plaintext and transmits it to the server.
The server uses the private key to decrypt the ciphertext and obtain the plaintext.
Digital Signature
When data is transmitted between the browser and the server, it is possible for a malicious thief to replace the content during transmission. How can we ensure that the data is genuinely sent by the server and not tampered with? To solve these two problems, we must use digital signatures. A digital signature is like a signature in daily life. Once you sign your name on a contract, it legally confirms that you signed it, and no one can forge it because it is your unique handwriting. So what is a digital signature in computing? A digital signature is used to verify whether the transmitted content is truly sent by the server and whether the transmitted data has been tampered with. It serves these two purposes and is an application scenario of asymmetric encryption.However, it encrypts using the private key and decrypts with the matching public key.
Step 1:The server processes the message through Hash to generate a digest. The digest is encrypted with the private key, creating a signature, which the server sends to the client along with the message.
Step 2: After the client receives the data, it extracts the signature and decrypts it using the public key. If it can decrypt Digest2 normally, it confirms that it was sent by the other party.
Step 3: The client extracts the message Text and performs the same Hash processing to obtain Digest1, which is then compared with the previously decrypted Digest2. If both are equal, it indicates that the content has not been tampered with; otherwise, the content has been altered. Because even the slightest change in the text will produce a completely different hash digest.

Digital Certificate
A digital certificate, abbreviated as CA, is a recognition certificate issued to a website by an authority, which is recognized by everyone (browsers). Why do we need a digital certificate? Is a digital signature not secure enough? There is a situation where browsers cannot determine whether all real servers are truly real. For example, if Manufacturer A installs a lock for you and gives you the key, as long as the key can open the lock, you can confirm that the key and lock are paired. If someone replaces the key or the lock, you will not be able to open the door, and you will know it has been stolen. However, if someone replaces the lock and key with another set that looks similar but is of much lower quality, even though the key and lock match, you cannot be sure if this is really from Manufacturer A. In this case, you can ask a quality inspection department to verify whether this lock is truly from Manufacturer A, as the quality inspection department is an authoritative institution whose words are publicly recognized.
Similarly, if someone (Zhang San) replaces the public key sent by the real server to the browser with their own public key, Zhang San can use their private key to perform the same steps of text Hashing and digital signing, resulting in everything appearing to be correct. However, in fact, the browser sees something that is not sent by the real server; it has been completely replaced by Zhang San (from public key to private key). So how can we ensure that the public key you are using is the one truly sent by the real server? We use a digital certificate to solve this problem. Digital certificates are generally issued by digital certificate authorities (Certificate Authority) and contain the real server’s public key and other information about the website. The certificate authority encrypts it with its private key and sends it to the browser, which uses the certificate authority’s public key to decrypt and obtain the real server’s public key. This process is based on the recognition of the certificate authority, making it a secure method.
▼ Click Read Original to see more exciting articles.