[CS] HTTPS Day-83

cptkuk91 · March 19, 2022

HTTPS

HTTPS is HTTP sent over a connection encrypted with SSL or TLS, so the content of HTTP requests and responses is encrypted in transit.

Plain HTTP requests can be read by a third party. HTTPS encrypts the content, so a third party cannot read it.

HTTPS Method

  • Certificate
  • CA
  • asymmetric key encryption

Certificate

  • It ensures the identity of the data provider.

When the client sends a request to the server, the server responds with a certificate. The client compares the domain written in the certificate with the domain written in the response object.

CA

  • Certificate Authority

asymmetric key encryption

Encryption and decryption use two different keys that form a pair.
Data encrypted with one key of the pair can only be decrypted with the other key.

asymmetric key process

  • Handshake
    Client and server verify each other. The server passes the public key to the client.

  • generate secret key
    The client creates an encryption key based on the received key, encrypts the data, and sends it to the server.

When the server responds to the client, it passes the information encrypted.

  • mutual key validation

Why do we use HTTPS?

Using https is more secure than http and verifies the identity of the data provider.

Why it is important to verify the identity of the data provider

The client has no choice but to use the data delivered by the data provider.

What is encryption?

One of the characteristics of the HTTPS protocol is encryption. With encryption, the contents of requests and responses cannot be read by a third party.


Private certificate issuance and https server implementation

You can use the mkcert program to create a trusted certificate in your local environment.

ex) macOS

brew install mkcert

ex) create certificate
You must first add your local environment as a trusted certificate authority. The command below creates the local CA certificate and installs it in the system trust store.

mkcert -install

ex) Generate local environment certificate

mkcert -key-file key.pem -cert-file cert.pem localhost 127.0.0.1 ::1

This generates a certificate that is valid for the names given as arguments: localhost, 127.0.0.1 (IPv4) and ::1 (IPv6).

If the certificate is generated normally, you can see that the files called cert.pem and key.pem are created.

The certificate (cert.pem) and the public key it contains can be made public, but key.pem is the private key and must not be made public (for example, do not commit it to a repository).


Create HTTPS Server

To write an HTTPS server in a Node.js environment, you can use the built-in https module.

You can also create an https server using express.js.

ex) Node.js https module

const https = require('https');
const fs = require('fs');

https
  .createServer(
    {
      key: fs.readFileSync(__dirname + '/key.pem', 'utf-8'),
      cert: fs.readFileSync(__dirname + '/cert.pem', 'utf-8'),
    },
    function (req, res) {
      res.write('Congrats! You made https server now :)');
      res.end();
    }
  )
  .listen(3001);

Open https://localhost:3001 to confirm that the server is running and uses the HTTPS protocol.

ex) express.js

const https = require('https');
const fs = require('fs');
const express = require('express');

const app = express();

// Register the route on the express app first.
app.use('/', (req, res) => {
  res.send('Congrats! You made https server now :)');
});

// Pass the express app to https.createServer as the request handler.
https
  .createServer(
    {
      // Private key and certificate generated by mkcert
      key: fs.readFileSync(__dirname + '/key.pem', 'utf-8'),
      cert: fs.readFileSync(__dirname + '/cert.pem', 'utf-8'),
    },
    app
  )
  .listen(3001);
