[CS] HTTPS Day-83

HTTPS

HTTPS is a way of transmitting data in which the content of the HTTP communication is encrypted using the SSL or TLS protocol.

Plain HTTP requests can be read by a third party. HTTPS encrypts the content, so a third party cannot read it.

HTTPS Method

  • Certificate
  • CA
  • asymmetric key encryption

Certificate

  • It ensures the identity of the data provider.

When the client sends a request to the server, the server responds with a certificate. The client compares the domain written in the certificate with the domain written in the response object.

CA

  • Certificate Authority

asymmetric key encryption

Encryption and decryption use two completely different keys that form a pair.
Data encrypted with one key of the pair can be decrypted with the other key.

asymmetric key process

  • Handshake
    Client and server verify each other. The server passes the public key to the client.

  • generate secret key
    The client creates an encryption key based on the received key, encrypts the data, and sends it to the server.

When the server responds to the client, it passes the information encrypted.

  • mutual key validation
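
The steps above, as an added example that is not part of the original post: the server holds a key pair, the client creates a secret key and encrypts it with the received public key, and both sides then encrypt data with that secret. It uses Node's built-in crypto module with RSA-OAEP and AES-256-GCM as assumed algorithm choices, and all function names are hypothetical; a real TLS handshake negotiates its algorithms, and TLS 1.3 derives the secret with an ephemeral Diffie-Hellman exchange instead of encrypting it with RSA.

```javascript
const nodeCrypto = require('crypto');

// Server: long-term key pair. The public half is what gets handed to clients.
function makeServerKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client: create a random secret key and encrypt it with the server's public key.
function clientCreateSecret(serverPublicKey) {
  const secret = nodeCrypto.randomBytes(32); // 256-bit key for AES-256-GCM
  const wrapped = nodeCrypto.publicEncrypt({ key: serverPublicKey, oaepHash: 'sha256' }, secret);
  return { secret, wrapped };
}

// Server: only the matching private key can recover the secret.
function serverUnwrapSecret(serverPrivateKey, wrapped) {
  return nodeCrypto.privateDecrypt({ key: serverPrivateKey, oaepHash: 'sha256' }, wrapped);
}

// Both sides: authenticated symmetric encryption with the shared secret.
function seal(secret, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', secret, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

function unseal(secret, { iv, body, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', secret, iv);
  decipher.setAuthTag(tag); // final() throws if the message was modified
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed run of the whole exchange.
function demo() {
  const server = makeServerKeys();
  const { secret, wrapped } = clientCreateSecret(server.publicKey);
  const serverSecret = serverUnwrapSecret(server.privateKey, wrapped);
  const reply = unseal(secret, seal(serverSecret, 'response body'));
  // Anyone without the server's private key (here: a different key pair) fails.
  let outsiderFailed = false;
  try {
    serverUnwrapSecret(makeServerKeys().privateKey, wrapped);
  } catch {
    outsiderFailed = true;
  }
  return { sameSecret: secret.equals(serverSecret), reply, outsiderFailed };
}
```

The public key is used only to protect the short secret; the bulk data is encrypted symmetrically, which is why exposing key.pem would let an outsider recover that secret.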

Why do we use HTTPS?

Using https is more secure than http and verifies the identity of the data provider.

Why it is important to verify the identity of the data provider

The client has no choice but to use the data delivered by the data provider.

What is encryption?

One of the characteristics of the HTTPS protocol is encryption. With encryption, the contents of requests and responses cannot be read by a third party.


Private certificate issuance and https server implementation

You can use the mkcert program to create a trusted certificate in your local environment.

ex) macOS

brew install mkcert

ex) create certificate
You must add the local CA to your local environment. The command below only creates that local CA and registers it as trusted; it does not issue a server certificate yet.

mkcert -install

ex) Generate local environment certificate

mkcert -key-file key.pem -cert-file cert.pem localhost 127.0.0.1 ::1

This generates a certificate that is valid for the names given as arguments: localhost, 127.0.0.1 (IPv4) and ::1 (IPv6).

If the certificate is generated normally, you can see that the files called cert.pem and key.pem are created.

The certificate and the public key can be made public, but key.pem, which holds the private key, must never be made public.


Create HTTPS Server

To write an HTTPS server in Node.js environment, you can use the https built-in module.

You can also create an https server using express.js.

ex) Node.js https module

const https = require('https');
const fs = require('fs');

https
  .createServer(
    {
      // key.pem is the private key from mkcert; cert.pem is the certificate.
      key: fs.readFileSync(__dirname + '/key.pem', 'utf-8'),
      cert: fs.readFileSync(__dirname + '/cert.pem', 'utf-8'),
    },
    // Request listener: called for every HTTPS request.
    function (req, res) {
      res.write('Congrats! You made https server now :)');
      res.end();
    }
  )
  .listen(3001);

You can see that it was launched as https://localhost:3001 and uses the HTTPS protocol.

ex) express.js

const https = require('https');
const fs = require('fs');
const express = require('express');

const app = express();

// Register the handler first, then pass the app to https as the request listener.
app.use('/', (req, res) => {
  res.send('Congrats! You made https server now :)');
});

https
  .createServer(
    {
      key: fs.readFileSync(__dirname + '/key.pem', 'utf-8'),
      cert: fs.readFileSync(__dirname + '/cert.pem', 'utf-8'),
    },
    app
  )
  .listen(3001);
