- Front-end
- HTML| CSS| JavaScript| Vue.js
Latest Recommendations
-
Php8, I'm coming too
84669 person learning
- native foundation
- HTML| CSS| HTML5| CSS3| JavaScript
Latest Recommendations
-
Learn website layout in 30 minutes
152542 person learning
- Introduction to Fundamentals
- MySQL| SQL Server
Latest Recommendations
-
Shangguan Oracle Beginner to Proficient Video Tutorial
20005 person learning
Latest Recommendations
-
Your first line of UNI-APP code
5487 person learning
-
Flutter from scratch to app launch
7821 person learning
- Tool usage
- PhpStudy| Git| Other tools
Latest Recommendations
-
Brother Lian New Linux Video Tutorial
359900 person learning
Latest Recommendations
-
AXURE 9 Video Tutorial (Suitable for Product Manager Interactive Product Design UI)
3350 person learning
-
Zero Basic Proficiency PS Video Tutorial
180660 person learning
-
16 day UI video tutorial to get you started
48569 person learning
-
PS Techniques and Slicing Techniques Video Tutorial
18603 person learning
- Class Library Classification
- HTTP| TCP/IP| basic programming
Latest Recommendations
-
Alibaba Cloud Environment Construction and Project Launch Video Tutorial
40936 person learning
-
Overview of Computer Networks - Basic Knowledge that Programmers Must Master
1549 person learning
-
Essential Tutorial for Programmers - HTTP Protocol Explanation
1183 person learning
-
Websocket Video Tutorial
32909 person learning
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
The symmetric encryption method mentioned by @gaosboy is basically feasible. To enhance security, another simple solution is provided:
The advantage of this is that even if the key K or the key in any session is cracked, all sessions still cannot be completely decrypted. You must know K, the key splicing rules and the encryption method at the same time to completely crack .
I feel @yuanlizbyy’s solution is not reliable enough. The code and key are all on the client, so it's not difficult for those who really want to crack it. LZ thinks that the https handshake is too long-winded, so you can implement one yourself. It is much simpler. You only need to use a pair of public and private keys of RSA (or other asymmetric encryption systems). The client holds the public key and the server holds the private key.
Connection process:
1. The client generates a random key K (of course K needs to be strong enough), encrypts it with the public key, and then sends it to the server
2. The server uses the private key to decrypt and obtain K
3. The two directly use AES (key is K) to encrypt communication.
Advantages: safe (unless the server is invaded to obtain the private key, or the time-tested RSA/AES algorithm is cracked), fast (only the first round trip requires slightly slower RSA decryption).
Disadvantages: A handshake is required (but it can be solved: the round-trip handshake can actually be encrypted with the key K to send additional data).
Welcome to buy bricks.
I used to use symmetric encryption.
AES, the client maintains a private key, encrypts the data that needs to be encrypted and transmits it to the server through http, and then decrypts it
@felix021’s solution is more reliable than @yuanlizbyy’s