# https,SSL

###### tags: `SSL`, `https`

## :memo: HTTPS: the connection under SSL (secure socket layer)

## public key cryptography and signature

1. each owner has one key pair (public key : private key)
2. **public key cryptography**: any message encrypted with the public key can only be decrypted with the corresponding private key
3. **signature**: anyone who knows A's public key can verify that a message was generated (signed with the private key) by the owner of A's private key

## information exchange (client <-> server)

:::info
![](https://i.imgur.com/iQ1xVpI.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

:::info
![](https://i.imgur.com/UibiynU.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

1. the client asks for **youtube**

:::info
![](https://i.imgur.com/45J1xGQ.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

2. **youtube**, to prove its identity, sends back its public key in a certificate issued by Google CA.
   p.s. this certificate is signed with the CA's private key, so it can be validated with the CA's public key

:::info
![](https://i.imgur.com/RJnidke.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

3. because Google CA is credible, the client uses Google CA's public key to verify the youtube certificate, hence the client trusts youtube's identity.
4. to build an encrypted channel, the client has to create a key which only the client and youtube can access.
5. using the **cryptography prerequisites** above, the client encrypts a new secret key with youtube's public key and sends it to youtube.

:::info
![](https://i.imgur.com/G6ALPGd.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

6. only the one who holds the private key can decrypt the encrypted info => only youtube can decrypt the info from the client.
7. now the information exchanged between the client and youtube is encrypted with the shared secret key.

## Certificate Authority (CA) (server applies for https)

:::info
![](https://i.imgur.com/hkjYQBl.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

1. youtube wants to use https
2. youtube applies to a credible CA (ex. Google CA) to approve its https application
    - 2a. youtube creates a CSR (**containing youtube's public key and youtube's email(?), and signed with youtube's private key**)
    - 2b. Google CA approves the application and signs youtube's Certificate Signing Request (CSR) with the CA private key (creating the **digital signature**). Now anyone who knows the Google CA public key can verify that youtube's CSR was approved by Google CA.
3. malicious attackers who pretend to be youtube fail, because attackers can't get their certificate signed by Google CA

p.s. CSR contains two parts: 1. public key 2.

## self-signed certificate

:::info
for staging or test environments
![](https://i.imgur.com/nOQMph5.png)
ref: [How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
:::

1. create your own CA
2. sign the CSR with your own CA
3. add your own CA as a trusted CA

reference:
- [youtube: How does HTTPS work? What's a CA? What's a self-signed Certificate?](https://www.youtube.com/watch?v=T4Df5_cojAs&ab_channel=kubucation)
- [Wiki: Certificate signing request](https://en.wikipedia.org/wiki/Certificate_signing_request)
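The CA steps (2a/2b), the client's verification (step 3) and the self-signed-certificate steps above, as an added example in Go using only the standard library (this is not code from the video or from this note): our own CA is created, the server's CSR is checked and signed with the CA private key, and the client verifies the result against the CA it trusts. The CA names and the host name `youtube.example` are made up for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func ok[T any](v T, err error) T { // panic on error to keep the demo short
	if err != nil {
		panic(err)
	}
	return v
}

// NewCA is "create your own CA": a self-signed CA certificate plus the CA private key.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := ok(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	// parent == tmpl: the certificate is signed with its own key (self-signed)
	return ok(x509.ParseCertificate(ok(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)))), key
}

// Issue is steps 2a/2b: the CA checks the CSR's self-signature, then signs a certificate for its public key.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) *x509.Certificate {
	srvKey := ok(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // the server's own key pair
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	csr := ok(x509.ParseCertificateRequest(ok(x509.CreateCertificateRequest(rand.Reader, req, srvKey))))
	if err := csr.CheckSignature(); err != nil {
		panic(err) // the CSR was not signed by the holder of the key it carries
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return ok(x509.ParseCertificate(ok(x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey))))
}

// ClientTrusts is step 3: verify the server certificate, for the requested host, against the CA the client trusts.
func ClientTrusts(trusted, server *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(trusted) // "add your own CA as a trusted CA"
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}
```

A certificate signed by a CA the client never added (the attacker case in the CA section) fails `ClientTrusts`, as does a valid certificate presented for a different host name.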