What is HTTPS ? How it Works-
The full form of HTTPS is “HyperText Transfer Protocol Secured” . It is a secured version of HTTP, it uses SSL (Secured Socket Layer) which transfers data between browser and server in encrypted form.
HTTPS has three main goals:
- Privacy : Encrypting the data so that no middleman can read the data between the client and the server.
- Integrity : To ensure that the data does not change between the two end.
- Authentication : In this system, both the client-server have to prove their identity to each other, to determine whether the communication that is being carried out, whether its identity is really what it is telling.
In HTTPS connection all the data is encrypted by cryptography i.e. it is converted into a format which is difficult to decode without decryption key and similarly sensitive information being transferred is protected.
You must have seen https: // at the beginning of the URL of a website, this means that your data has been secured trough SSL. You can see Secure written with a lock icon in green color in front of such URL in Chrome’s address bar.
- https : // www . facebook . com
How does HTTPS work?
As we have already told you that all the data in HTTPS are encrypted and transfer from one end to another so if you want to understand how HTTPS works then you have to understand the concept of cryptography for this.
To understand this, you should know some of the terms given below:
What is cryptography?
It is a method through which ordinary information (plan text) is converted into an unreadable format that only authorized user can read.
What are Public and Private Keys?
In cryptography, two types of keys are heavily used to keep communication private and secure, one is “public key” and the other is “private key” which is used for data encryption and decryption.
There are some algorithms for this work from which keys are generated; The private key is retained and the public key is distributed publicly.
If someone wants to send you a secrete message, it encrypts the message with the public key you have given, which you will have to decrypt with your private key to read.
What is a session key?
This is also a type of encryption decryption key that is generated randomly and remains valid for a certain session i.e. a certain time and then its validity is over.
What is Symmetric Encryption?
When you encryption from both the user and website through the same key, it is called symmetric encryption and that key is called symmetric key.
After understanding this, let’s come back to our topic and try to understand step by step how HTTPS encryption works :
- Suppose you type the address of a website Facebook in the browser and press enter.
- Your browser requests Facebook’s server for HTTPS connection.
- Facebook sends its public key to you and keeps the private key with you.
- Your browser generates a third key called a session key.
- Your system encrypts the session key with the public key given by Facebook and sends it to Facebook.
- Now Facebook’s server decrypt that session key with its private key. Now both your browser and server have session key available.
- Now here the session key will work like a symmetric key and through symmetric encryption, your connection will be established until you close the site.
What is the difference between HTTP and HTTPS?
- HTTP URLs begin with http: // while HTTPS URLs start with https: //.
- HTTP is an unsecured protocol while HTTPS is secured.
- HTTP does not have encryption but encryption is necessary for HTTPS connection.
- If we talk about security certificate, it is not required in HTTP but it is necessary for website identity in HTTPS.
- Data transfer in HTTP is via port 80, while port 443 is used in HTTPS.
- A website like a blog or school, college, which has been created to share information, can use HTTP but sites like shopping sites, social sites, banking should use HTTPS so that sensitive data like password, credit card detail etc. Be safe
In today’s time, everyone uses the internet , so everyone should know what HTTP and HTTPS are, what is their use. Apart from this , what is the difference between HTTP and HTTP should also be known so that we can transfer our data securely from one end to another end on the internet.