Https


This article continues our series on cryptography. Our articles to date have covered random numbers, pseudorandom numbers, cryptographically secure pseudorandom numbers, hashing, digital signatures and digital certificates. In this article we look at HTTPS. We all use HTTPS every day when connecting to web resources, yet for many years most websites used plain HTTP. HTTPS is an extension of HTTP that encrypts web traffic end-to-end between a client computer and a given website. HTTPS originally used SSL (Secure Sockets Layer) as its encryption protocol; it now uses TLS (Transport Layer Security).

Asymmetric encryption

HTTPS uses both asymmetric and symmetric encryption. Asymmetric encryption, also known as public key encryption, relies on a key pair: one public key and one private key. Messages are encrypted using your private key, and the recipient can decrypt them using your public key.

Symmetric encryption

Symmetric encryption is where you encrypt a message using a key and the recipient uses that same key to decrypt the message. 

Secure communication

Symmetric encryption is great, but on the internet how can you securely share an encryption key with another party? That is where digital certificates come into the picture. In our last article, about digital certificates, we explained that a digital certificate contains:

1. Information about an entity's identity (for example, abc.com);
2. The public key belonging to that identity.

Your website abc.com publishes its digital certificate and, when a user comes to the website, the HTTPS (TLS) handshake protocol is executed.

Handshake protocol

First, the user contacts website abc.com by sending a "hello" message, which includes a string of random bytes known as the "client random".

The server responds with its own "hello" message, which includes a string of random bytes known as the "server random" together with the website's digital certificate.

The user verifies the digital certificate of the website, which confirms the identity of the site. 

The user then sends the server a random string of bytes, known as the "premaster secret", encrypted using the public key contained in the website's digital certificate. Note that this is the first message between the user and the server to be encrypted. Because it is encrypted with the public key from the website's certificate, only the website, which holds the matching private key, can decrypt this random string.

Both the user and the server then generate the same symmetric keys, known as session keys, from three inputs:

1. Client random;
2. Server random;
3. Premaster secret.

This completes the handshake.

From this point on, all traffic to and from the website is encrypted and decrypted using these session keys, providing end-to-end encryption for the entire interaction.
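The following Python script is an added illustration, not code from the original article: it walks through the handshake steps above (client random, server random, premaster secret encrypted to the certificate's public key, identical session keys derived on both ends) and also serves the asymmetric encryption section. The RSA key pair is generated here from 256-bit probable primes and used as unpadded textbook RSA purely to show the idea (an assumption for illustration; real TLS uses padded RSA or, in TLS 1.3, an ephemeral Diffie-Hellman exchange), and the key derivation follows the TLS 1.2 PRF of RFC 5246 (P_SHA256), trimmed to two write keys instead of the full key block.

```python
"""Simplified TLS 1.2-style handshake (added example; textbook RSA and a
trimmed key block are illustrative assumptions, see the lead-in)."""
import hashlib
import hmac
import secrets


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    a = seed                                     # A(0) = seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_session_keys(premaster: bytes, client_random: bytes,
                        server_random: bytes, key_len: int = 16) -> dict:
    """Both sides run this with identical inputs and obtain identical keys."""
    master = tls12_prf(premaster, b"master secret",
                       client_random + server_random, 48)
    # The randoms are concatenated in the reverse order for key expansion (RFC 5246, 6.3).
    block = tls12_prf(master, b"key expansion",
                      server_random + client_random, 2 * key_len)
    return {"client_write_key": block[:key_len],
            "server_write_key": block[key_len:2 * key_len]}


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test, sufficient for an illustrative key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if is_probable_prime(candidate):
            return candidate


def rsa_keypair(bits: int = 512):
    """Returns (public, private) as (e, n) and (d, n). Toy size, illustration only."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_encrypt(public, message: bytes) -> int:
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for this key")
    return pow(m, e, n)


def rsa_decrypt(private, ciphertext: int, length: int) -> bytes:
    d, n = private
    return pow(ciphertext, d, n).to_bytes(length, "big")


def run_handshake(key_bits: int = 512) -> dict:
    """Simulates the handshake messages and the key derivation on both ends."""
    server_public, server_private = rsa_keypair(key_bits)  # public half sits in the certificate
    client_random = secrets.token_bytes(32)                # ClientHello
    server_random = secrets.token_bytes(32)                # ServerHello (+ certificate)
    premaster = secrets.token_bytes(48)                    # chosen by the client
    on_the_wire = rsa_encrypt(server_public, premaster)    # only the private key undoes this
    server_premaster = rsa_decrypt(server_private, on_the_wire, 48)
    return {
        "client_keys": derive_session_keys(premaster, client_random, server_random),
        "server_keys": derive_session_keys(server_premaster, client_random, server_random),
        # A passive observer sees the randoms and the ciphertext but never the
        # premaster secret, so it cannot reproduce the session keys.
        "observer_sees": (client_random, server_random, on_the_wire),
    }


if __name__ == "__main__":
    result = run_handshake()
    for side in ("client_keys", "server_keys"):
        print(side, {k: v.hex() for k, v in result[side].items()})
```

Running the script prints the same client and server write keys from both sides, which is the whole point of the handshake: the two randoms travel in the clear, the premaster secret travels only under the server's public key, and the session keys are never transmitted at all.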
