HTTPS and secure communication on the internet
There are two families of encryption systems: symmetric encryption and asymmetric (public-key) encryption.
Symmetric encryption: the same key is used both to encrypt and to decrypt a given piece of information (AES is the standard example).
At first sight this method alone does not seem to make sense for the internet: the two parties have to agree on the shared key before they can talk, and an intruder who intercepts the key while it is being sent can decrypt every message that follows. Symmetric encryption by itself has no answer to this key-distribution problem.
Its strength is speed. The keys are short (128 or 256 bits) and the operations on each block of data are cheap, so symmetric encryption and decryption are far faster than public-key operations. That is why it is the workhorse that protects nearly all encrypted traffic on the internet today.
Asymmetric/public-key encryption: here, unlike symmetric systems, there are two mathematically linked keys, a public key and a private (secret) key. Anyone can encrypt with the public key, but the result can only be decrypted with the private key of that pair, which never leaves its owner. The same pair also works in the other direction for digital signatures: the private key signs, and anyone holding the public key can verify the signature. Certificates rely on this.
These keys are much larger (RSA keys are 2048 bits or more today; 1024-bit RSA is no longer considered safe) and the underlying arithmetic is expensive, so asymmetric encryption is far slower than a symmetric cipher and is only practical for small inputs such as another key.
HTTPS (HTTP over SSL/TLS) therefore uses both: public-key cryptography to authenticate the server and to establish a shared secret, and symmetric cryptography to protect the actual traffic under that secret.
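To make the division of labour concrete, here is an added example of the hybrid scheme in Go using only the standard library (written for this page; it is not code from the original article). A random 256-bit AES key protects the bulk data with AES-GCM, and only that key is encrypted with the receiver's 2048-bit RSA public key (RSA-OAEP), which is exactly the wrap-the-key step the key-exchange stage of the classic HTTPS handshake performs. The payload is a constructed 1040-byte HTTP-looking string, and the names Envelope, Seal, Open, Demo and DemoResult are chosen here. It also shows two things the text only implies: RSA-OAEP refuses any input larger than 190 bytes with a 2048-bit key, and a single flipped ciphertext bit makes decryption fail instead of yielding silently corrupted data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what crosses the wire: the RSA-wrapped session key, the AES-GCM
// nonce and the ciphertext (GCM appends its 16-byte authentication tag).
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// newGCM builds the symmetric AEAD (AES-256-GCM) for a 32-byte session key.
func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender (browser) side: a fresh 256-bit AES key is wrapped with the slow
// public-key operation (RSA-OAEP) and the bulk data goes through the fast symmetric cipher.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit nonce; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open is the receiver (server) side: unwrap the session key with the private key, then
// decrypt. gcm.Open checks the tag too, so a modified ciphertext is rejected, not garbled.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// DemoResult records what Demo observed.
type DemoResult struct {
	RSALimit       int  // largest input RSA-OAEP(SHA-256) accepts directly: k - 2*hLen - 2 bytes
	RSAAloneFailed bool // RSA refused to encrypt the 1040-byte payload
	RoundTripOK    bool // hybrid Seal/Open recovered the payload
	TamperDetected bool // one flipped ciphertext bit made Open fail
}

// Demo runs the hybrid scheme over a constructed 1040-byte HTTP-looking payload.
func Demo() (DemoResult, error) {
	var r DemoResult
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	msg := bytes.Repeat([]byte("GET /index.html HTTP/1.1\r\n"), 40) // constructed sample data
	r.RSALimit = priv.PublicKey.Size() - 2*sha256.Size - 2          // 190 for a 2048-bit key
	_, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, nil)
	r.RSAAloneFailed = err != nil
	env, err := Seal(&priv.PublicKey, msg)
	if err != nil {
		return r, err
	}
	out, err := Open(priv, env)
	r.RoundTripOK = err == nil && bytes.Equal(out, msg)
	env.Ciphertext[0] ^= 0x01 // simulate an on-path attacker flipping one bit
	_, err = Open(priv, env)
	r.TamperDetected = err != nil
	return r, nil
}

func main() {
	fmt.Println(Demo())
}
```

Run it with go run; it prints the four observations. Note the asymmetry in cost: one RSA operation per session versus one cheap AES-GCM operation per block of data, which is why no protocol encrypts bulk traffic with RSA directly, and why a real TLS session additionally derives separate keys from the exchanged secret rather than using it raw.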
Step by step, the communication between a client and a server while establishing a secure connection (HTTPS):
The user's browser initiates a secure connection (the SSL/TLS handshake) by requesting a page over https:// and telling the server which protocol versions and cipher suites it supports.
The server responds by sending its digital certificate. The certificate contains the server's public key, the host name(s) it is valid for, its validity period and the name of the certificate authority (CA) that issued it, and the whole certificate is digitally signed by that CA. Only the public key travels in the certificate; the matching private key stays on the server.
The browser verifies the certificate: the CA's signature must chain up to a root CA in the browser's trust store (which also proves the certificate has not been altered since it was issued), the current date must fall within the validity period, and the host name in the certificate must match the host name the user typed. Browsers also check that the certificate has not been revoked. If any of these checks fails, the browser shows a warning page instead of the site.
Once the certificate is verified, the browser generates a random symmetric session key that will be used to encrypt and decrypt the data exchanged during the session.
The browser sends this session key to the server, encrypted with the server's public key taken from the certificate, so only the holder of the matching private key can read it.
The server uses its private key to decrypt the message and recover the session key. Both sides now hold the same secret, and an eavesdropper who recorded the exchange does not.
From this point on, all data exchanged between the browser and the server is encrypted (and integrity-protected) with the symmetric session key, which is far faster than pushing every byte through the public-key algorithm.
The browser indicates the secure connection with a padlock icon in the address bar next to the https:// URL (older browsers coloured it green). The padlock means only that the connection is encrypted and the certificate matched the host name, not that the site itself is trustworthy.
The connection remains protected until the session is closed or the user navigates to a page served over plain HTTP.
This is how SSL/TLS, with digital certificates and certificate authorities, protects sensitive information transmitted over the internet: it authenticates the server, keeps the data confidential and guarantees its integrity. One caveat: the key-transport step described above, in which the browser encrypts the session key with the server's RSA public key, is the classic mechanism of SSL and of TLS 1.2 and earlier. Modern TLS (1.3, and the ECDHE suites in 1.2) instead derives the session key through an ephemeral Diffie-Hellman exchange and uses the certificate's key only to sign the handshake, so a later compromise of the server's private key does not expose recorded past sessions (forward secrecy). The overall shape, public-key authentication plus symmetric bulk encryption, is unchanged.
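The certificate checks in the handshake above, as an added example in Go using only the standard library (written for this page; not code from the original article). It builds a throwaway root CA and a server certificate for example.com (both the CA name and the host are made up), then runs the browser-side verification in five situations: everything correct, the wrong host name, a year after expiry, a CA the client does not trust, and a certificate whose host name was edited after the CA signed it. The names BuildPKI, VerifyServerCert, Tamper and RunScenarios are chosen here; the Chrome error codes in the comments are the ones the browser shows for the corresponding failure.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must keeps the demo short: any key-generation or encoding failure is fatal.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPKI stands in for a public CA: it returns a server certificate for host,
// valid from notBefore to notAfter, plus the trust store (just the issuing root).
func BuildPKI(host string, notBefore, notAfter time.Time) (*x509.Certificate, *x509.CertPool) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test Root CA"}, // made-up name
		NotBefore:             notBefore,
		NotAfter:              notAfter.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		DNSNames:     []string{host}, // browsers match the URL's host against the SAN
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA's private key signs the leaf, binding host to leafKey's public half.
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return leaf, roots
}

// VerifyServerCert is the browser's check: a signature chain to a trusted root
// (which also proves the bytes were not altered), validity at now, host name match.
func VerifyServerCert(leaf *x509.Certificate, roots *x509.CertPool, host string, now time.Time) string {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, new(x509.HostnameError)):
		return "hostname mismatch" // Chrome: NET::ERR_CERT_COMMON_NAME_INVALID
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired" // Chrome: NET::ERR_CERT_DATE_INVALID
	case errors.As(err, new(x509.UnknownAuthorityError)):
		return "untrusted CA or bad signature" // Chrome: NET::ERR_CERT_AUTHORITY_INVALID
	}
	return err.Error()
}

// Tamper rewrites the SAN inside the certificate's DER so it claims newHost (same
// length as oldHost). The CA signature covers those bytes, so it no longer verifies.
func Tamper(leaf *x509.Certificate, oldHost, newHost string) *x509.Certificate {
	der := append([]byte(nil), leaf.Raw...)
	i := bytes.LastIndex(der, []byte(oldHost)) // last occurrence is the SAN extension
	if i < 0 || len(oldHost) != len(newHost) {
		panic("Tamper: host not found or lengths differ")
	}
	copy(der[i:], newHost)
	return must(x509.ParseCertificate(der))
}

// RunScenarios runs the browser-side check against a constructed PKI for example.com.
func RunScenarios() map[string]string {
	now := time.Now()
	leaf, roots := BuildPKI("example.com", now.Add(-time.Hour), now.Add(90*24*time.Hour))
	forged := Tamper(leaf, "example.com", "example.org")
	return map[string]string{
		"right host, trusted CA":    VerifyServerCert(leaf, roots, "example.com", now),
		"wrong host":                VerifyServerCert(leaf, roots, "evil.example", now),
		"one year later":            VerifyServerCert(leaf, roots, "example.com", now.Add(365*24*time.Hour)),
		"CA not in trust store":     VerifyServerCert(leaf, x509.NewCertPool(), "example.com", now),
		"SAN edited to example.org": VerifyServerCert(forged, roots, "example.org", now),
	}
}

func main() {
	fmt.Println(RunScenarios())
}
```

Two details worth noticing. The edited certificate claims example.org and the host name check against example.org therefore passes; what stops it is that the CA's signature no longer matches the bytes, so it is reported the same way as a certificate from an unknown CA. And the hostname is matched against the Subject Alternative Name extension, which is what current browsers do; a name that appears only in the subject's Common Name is ignored.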