What Does HTTPS Actually Encrypt?

What Does HTTPS Actually Encrypt?

Source | https://segmentfault.com/a/1190000015342043

We’ve previously written many articles on the well-discussed topic of HTTP and HTTPS, such as the one titled “From HTTP to HTTPS to HSTS,” which detailed the evolution of HTTP and HTTPS. That’s right, it’s the evolution of HTTP beast into HTTPS beast.
So today, we mainly discuss what exactly HTTPS encrypts.
Let me tell you a story. My first love was with my deskmate in middle school. At that time, there were no communication tools like mobile phones, and we had three treasures for communication in class: kicking the butt, poking the back with a pen, and passing notes. Of course, I could only be the butt and back.
To be honest, passing notes was really dangerous, especially those love notes; if caught, it would be a song of “Cool Cool”.
So my little girlfriend and I decided to encrypt the data on the note so that even if the homeroom teacher caught us, she couldn’t do anything to us!
We created a cipher book by matching English letters and numbers, then wrote numbers on the note that needed to be translated into corresponding letters and spelled out in pinyin to understand the meaning of the string of numbers.
That’s my rocky love history.
Later, as I grew up, I realized that this was a beautiful moment that could never be returned to. If given a chance, I would… ah, I got sidetracked. When I grew up, I realized this is akin to the HTTPS in the data transmission of websites today.

HTTP Protocol with Added SSL Layer

In short, HTTPS is HTTP with an added SSL layer, which protects the privacy and integrity of exchanged data and provides website server identity authentication. Simply put, it is the secure version of HTTP.
Now, with the development of technology, TLS has been widely used. We don’t need to worry about the differences between SSL and TLS; just know that TLS is an upgraded version of SSL.
What Does HTTPS Actually Encrypt?
Generally speaking, HTTPS has three main uses: first, to confirm the authenticity of the website through certificates and other information; second, to establish an encrypted information channel; and third, to ensure the integrity of the data content.
What Does HTTPS Actually Encrypt?
The above is from the UCloud official website. We can click the lock icon in the browser’s address bar to view the real information after website authentication; the SSL certificate guarantees the uniqueness and authenticity of the website.
So what information is encrypted in the information channel?
The CA center that issues certificates publishes an authoritative electronic document—a digital certificate. It can encrypt the information we transmit online using encryption technologies (symmetric and asymmetric encryption). For example, when I enter on Pornhub:
Account: cbssfaw
Password: 123djaosid
If this data is intercepted and stolen by hackers, then after encryption, the data obtained by hackers might look like this:
Account: çµø…≤¥ƒ∂ø†®∂˙∆¬
Password: ∆ø¥§®†ƒ©®†©˚¬
What Does HTTPS Actually Encrypt?
The last point is verifying the integrity of the data. When data packets are forwarded through countless routers, data hijacking can occur, and hackers can tamper with the data, such as inserting inappropriate advertisements. With HTTPS enabled, hackers cannot tamper with the data. Even if tampering does occur, we can detect the problem.

Symmetric Encryption and Asymmetric Encryption

Symmetric Encryption
Symmetric encryption refers to encryption algorithms that use the same key for both encryption and decryption. When I passed notes in middle school, I used the same set of encryption passwords, so the encryption algorithm I used was a symmetric encryption algorithm.
Common encryption algorithms include: DES, AES, IDEA, etc.
Asymmetric Encryption
Asymmetric encryption uses two keys, a public key and a private key. We use the public key to encrypt data such as website account passwords and then use the private key to decrypt the data. This public key is shared with everyone who views the website, while the private key is only held by the website server.
Common asymmetric encryption algorithms include: RSA, DSA, DH, etc.

HTTPS = Data Encryption + Website Authentication + Integrity Verification + HTTP

From the above, we already know that HTTPS authenticates the website based on the HTTP transmission protocol, giving it a unique identification, encrypting the website data, and verifying the integrity of the transmitted data.
As a means of encryption, HTTPS not only encrypts data but also provides a form of identification for the website.
If I could go back ten years, I would definitely pass notes to my girlfriend like this:
First, prepare a unique note and sign my name on it, then encrypt the data in a way that only my girlfriend can decrypt, and finally seal it with glue to prevent the kid at the next desk from peeking and modifying the note’s content.
What Does HTTPS Actually Encrypt?
What Does HTTPS Actually Encrypt?

Leave a Comment