AryaGG

Understanding SSL/TLS: How Encryption Secures Your Online Communications

  • SSL is an encryption-based internet security protocol. Encryption: the process of converting information or data into a code to prevent unauthorized access. Protocol: a set of rules or procedures for transmitting data between electronic devices.

So first we need to know what encryption is.

  • We need to ensure that data is transferred securely and only authorized people can access it.

Example: Imagine sending a letter to a friend. You lock it in a box with a special key (encryption), making it unreadable to others. You send the box, and even if someone intercepts it, they can’t open it without the key. When your friend gets the box, they use their matching key (decryption) to unlock it and read the letter.

  • Data encryption is the process of converting data from a readable format into a scrambled piece of information that can only be read or processed after it has been decrypted.

  • Cryptography is the science of encrypting and decrypting data to prevent unauthorized access.

Symmetric Encryption Method

  • Also called private-key cryptography or a secret-key algorithm.

  • The process of using a single key (the private key) to both encrypt and decrypt data. Both the sender and the receiver of the message need to have a pre-shared secret key that they use to convert the plaintext into ciphertext and vice versa.

  • The key must be kept private and be known only to the sender and the receiver.

Imagine you have a lockbox where you keep your important documents. You and your friend both have a key to this lockbox. This key is the same for both of you, and it’s the only way to open the lockbox.

In symmetric encryption:

The lockbox represents the data you want to protect.

The key represents the secret code used to encrypt and decrypt the data.

Here’s how it works:

Encrypting: When you want to send a secret message to your friend, you put the message in the lockbox and lock it with the key. This is like converting your readable message into a coded format that only someone with the key can understand.

Decrypting: Your friend receives the lockbox and uses their copy of the key to unlock it and read the message. This is like converting the coded message back into its original, readable format.

The key point is that both you and your friend use the same key for both locking (encrypting) and unlocking (decrypting) the message. This is why it’s called “symmetric” encryption.
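To make the lockbox picture concrete, here is an added teaching example (not code from the article): a constructed stream cipher whose keystream comes from HMAC-SHA256 over a counter, plus an HMAC tag so that a wrong key or a tampered box is refused. It assumes the Python standard library only; in real systems use AES-GCM from a vetted library.

```python
import hashlib
import hmac
import secrets

# Constructed for illustration: one pre-shared key both locks and unlocks.
# The same XOR-with-keystream step is used in both directions, which is
# exactly the "symmetric" property; the tag adds integrity (encrypt-then-MAC).
NONCE_LEN, TAG_LEN = 16, 32

def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the one shared secret."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` pseudo-random bytes, 32 per counter step."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(subkey(key, b"enc"), block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Lock the box: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message; never reuse with one key
    ct = xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def is_authentic(key: bytes, blob: bytes) -> bool:
    """True only if the tag was made with this key over exactly these bytes."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Unlock with the *same* key; refuses if the key is wrong or data was altered."""
    if not is_authentic(key, blob):
        raise ValueError("integrity check failed: wrong key or tampered data")
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return xor_bytes(ct, keystream(key, nonce, len(ct)))  # XOR again undoes it

if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)        # the secret both friends hold
    box = encrypt(shared_key, b"meet at noon")  # constructed sample message
    print(decrypt(shared_key, box))             # b'meet at noon'
    print(is_authentic(secrets.token_bytes(32), box))  # False: another key can't open it
```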

Asymmetric Encryption Method

  • Public-key cryptography

  • Uses two keys for the encryption process, a public key and a private key, which are mathematically linked. One key is used for encryption and the other for decryption: whichever key encrypts, only the other one can decrypt.

  • As the name implies, the public key is freely available to anyone, whereas the private key remains with the intended recipients only, who need it to decipher the messages. Both keys are simply large numbers that aren’t identical but are paired with each other, which is where the “asymmetric” part comes in.

Imagine you have a mailbox with a special lock. This lock has two keys:

A public key that anyone can use to lock (encrypt) the mailbox.

A private key that only you have, which can unlock (decrypt) the mailbox.

Here’s how it works:

Public Key (Locking): You give your public key to anyone who wants to send you a message. They use this key to lock (encrypt) the message and put it in your mailbox. Since the public key is only for locking, it doesn’t matter if others see it.

Private Key (Unlocking): When you receive the locked message, you use your private key to unlock (decrypt) it and read the message. Only you have the private key, so only you can unlock the mailbox and read the messages.

  • Public Key: Think of it as your email address. You can share it with anyone, and they can send you emails.

  • Private Key: This is like your email password. Only you know it, and it allows you to access your emails.

  • When someone wants to send data, they will retrieve the recipient’s public key from a public directory and use it for encryption before sending. The recipient can then decrypt the message using their corresponding private (secret) key.

  • Many protocols rely on asymmetric cryptography, including Transport Layer Security (TLS) and Secure Sockets Layer (SSL), which make HTTPS possible.

  • Asymmetric cryptography is typically used to authenticate data using digital signatures.

Digital Signatures

  • A digital signature is like a virtual fingerprint, stamped seal or a handwritten signature, but for digital documents. It ensures that the document is authentic and hasn’t been altered.

  • Here’s how it works:

  1. Creating a Signature: When you sign a document digitally, a unique code (called a hash) is created from the document’s contents.

  2. Encrypting the Hash: This hash is then encrypted using your private key (the private half of the asymmetric key pair described above). This encrypted hash is your digital signature.

  3. Verifying the Signature: When someone receives the document, they can use your public key to decrypt the hash. They then create a new hash from the document and compare it to the decrypted hash. If they match, the document is verified as authentic and unaltered.

  • Imagine you want to send a secure email to a friend:
    1. You write the email and create a hash of its contents.
    2. You encrypt the hash with your private key to create a digital signature.
    3. You send the email along with your digital signature.
    4. Your friend receives the email and uses your public key to decrypt the signature.
    5. They create a new hash from the email and compare it to the decrypted hash. If they match, your friend knows the email is from you and hasn’t been changed.

Hashing

  • Hashing is like creating a unique fingerprint (a fixed-length string of characters) for a piece of data or a message.

  • Even a tiny change in the original data will result in a completely different hash, making it easy to spot alterations.

  • Once data is hashed, you can’t reverse it back to the original form. This makes hashing great for verifying data integrity.

  • Not Encryption: Hashing isn’t really encryption because you can’t decrypt it. It’s just a way to check that the data is the same as it was originally.

Hashing is used to verify the integrity of data, ensuring it hasn’t been altered. While it’s not exactly the same as authentication (which confirms the identity of a user), hashing helps confirm that the data is exactly what it should be.
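The asymmetric, digital-signature and hashing sections above fit together in one added example (not code from the article): textbook RSA with tiny fixed primes and no padding, which only shows the public/private key roles and the hash, sign, verify steps. It assumes Python 3.8+ for `pow(e, -1, phi)`; real keys are 2048+ bits, generated randomly, and signatures use PKCS#1 padding.

```python
import hashlib

# Constructed for illustration only: small, fixed primes and no padding.
P = 2305843009213693951   # 2**61 - 1, a known prime
Q = 2147483647            # 2**31 - 1, a known prime
E = 65537                 # the conventional public exponent

def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse: e*d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(pub, m: int) -> int:
    """Anyone holding the public key can lock a message (an int < n)."""
    e, n = pub
    return pow(m, e, n)

def decrypt(priv, c: int) -> int:
    """Only the private key holder can unlock it."""
    d, n = priv
    return pow(c, d, n)

def digest_int(document: bytes, n: int) -> int:
    """Step 1: hash the document; reduced mod n only so it fits the toy key."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(priv, document: bytes) -> int:
    """Step 2: 'encrypt' the hash with the private key; that is the signature."""
    d, n = priv
    return pow(digest_int(document, n), d, n)

def verify(pub, document: bytes, signature: int) -> bool:
    """Step 3: recover the hash with the public key, rehash, compare."""
    e, n = pub
    recovered = pow(signature, e, n)
    return recovered == digest_int(document, n)

if __name__ == "__main__":
    pub, priv = keygen()
    print(decrypt(priv, encrypt(pub, 424242)))     # 424242
    doc = b"Pay Alice 10 EUR"                      # constructed sample document
    sig = sign(priv, doc)
    print(verify(pub, doc, sig))                   # True
    print(verify(pub, b"Pay Alice 100 EUR", sig))  # False: one character changed
```

A single changed byte gives a completely different hash, so the recomputed hash no longer matches the one recovered from the signature.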

Encryption for secure internet browsing

  • HTTP is an application-layer protocol, like a conversation between a browser and a web server. The browser asks for a webpage (request), and the server sends it back (response). This simple exchange is what lets you browse the internet.

  • HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP.

  • HTTPS uses a protocol called TLS (Transport Layer Security), formerly SSL (Secure Sockets Layer), to encrypt communications. This protocol secures data by using an asymmetric system with two keys, a public key and a private key; the asymmetric keys authenticate the server and set up a shared session key, and the traffic itself is then encrypted symmetrically with that session key.

  • HTTPS uses port 443; HTTP uses port 80.

  • A Certificate Authority (CA) is a trusted organization that issues digital certificates. These certificates are used to verify the identity of websites and other entities on the internet. Essentially, CAs act as a trusted third party that both the website owner and the user can rely on.

  • When you visit a website, your browser checks the certificate to ensure it’s valid and issued by a trusted CA. If everything checks out, the browser establishes a secure connection.

  • The SSL/TLS handshake is the process that establishes a secure connection between a client (such as a web browser) and a server (such as a website). During the handshake the client and server agree on the encryption methods to use and exchange the key material needed for data privacy and integrity. The main steps: the client sends a “ClientHello” message, the server responds with a “ServerHello” message, and the server presents its certificate so the client can authenticate it (the client presents a certificate of its own only when the server requests one, as in mutual TLS). Both sides then derive session keys that encrypt the data transmitted during the session. This handshake ensures that the data exchanged afterwards is protected from eavesdropping and tampering.
