In this article we discuss encryption in detail and try to answer the what, why and how of encryption when a client makes a connection to a server.
What is Encryption?
Data can be scrambled using encryption so that only authorised parties can decipher it. Technically speaking, it is the process of changing plaintext that can be read by humans into ciphertext, which is incomprehensible text. In plainer terms, encryption changes readable data to make it seem random. Encryption needs a cryptographic key, a collection of numbers that the sender and the recipient of an encrypted message both agree upon.
How does Encryption Work?
Data is changed mathematically during encryption using a key and an encryption algorithm. Imagine that Alice writes “Hello” in her message to Bob, but she substitutes for each letter in the message the letter that is three positions later in the alphabet. Her message now says “Khoor,” not “Hello.” Bob knows that the key is “3” and can decrypt her message to reveal “Hello.”
Alice’s message to Bob was encrypted using a very basic encryption method. The message can be obscured much more effectively by using stronger encryption algorithms.
Although encrypted data appears random, encryption works in a logical, predictable manner, so someone who receives encrypted data and has the proper key can decrypt it and restore it to plaintext. With truly secure encryption, which employs keys that are sufficiently large, a third party will be extremely unlikely to be able to decrypt or break the ciphertext by brute force, that is, by guessing the key. (Alice’s original encryption scheme would be swiftly cracked.)
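The following is an added example, not code from the article: Alice’s shift cipher implemented exactly as described (key 3 turns “Hello” into “Khoor”), together with the exhaustive search that shows why it is “swiftly cracked”. With only 26 possible keys, an eavesdropper can try every key and keep the candidate that reads as language; the small word list used to judge “reads as English” is constructed for this example.

```python
# Added example (not from the article): the shift cipher Alice uses, and a
# demonstration that a 26-key key space falls to exhaustive search at once.
import string

ALPHABET_SIZE = len(string.ascii_uppercase)  # 26 keys in total

def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift each letter `key` positions forward, wrapping from Z back to A.
    Case is preserved; spaces and punctuation pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = "A" if ch.isupper() else "a"
            out.append(chr((ord(ch) - ord(base) + key) % ALPHABET_SIZE + ord(base)))
        else:
            out.append(ch)
    return "".join(out)

def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same shift in the other direction."""
    return caesar_encrypt(ciphertext, -key)

# Constructed word list standing in for the judgement "does this look like English?".
KNOWN_WORDS = {"hello", "bob", "meet", "me", "at", "noon", "the", "key", "is"}

def english_score(candidate: str) -> int:
    """Count how many words of the candidate appear in the constructed word list."""
    return sum(1 for w in candidate.lower().split() if w.strip(".,!?") in KNOWN_WORDS)

def brute_force(ciphertext: str):
    """Try all 26 keys and return (key, plaintext) for the best-scoring candidate.
    No key material is needed: the key space itself is the weakness."""
    best_key = max(range(ALPHABET_SIZE),
                   key=lambda k: english_score(caesar_decrypt(ciphertext, k)))
    return best_key, caesar_decrypt(ciphertext, best_key)

if __name__ == "__main__":
    ct = caesar_encrypt("Hello Bob, meet me at noon", 3)
    print(ct)                # Khoor Ere, phhw ph dw qrrq
    print(brute_force(ct))   # (3, 'Hello Bob, meet me at noon')
```

The same `brute_force` loop generalises to any cipher whose key space can be enumerated; what makes the ciphers discussed later in the article resistant is not a cleverer transformation but a key space (2^128 or more) that cannot be enumerated in any realistic time.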
When data is stored, it can be encrypted “at rest,” and it can also be done “in transit,” when it is being sent to another location.
Key in Cryptography
A string of characters called a cryptographic key is used in an encryption method to change data so that it appears random. It locks (encrypts) data, just like a real key, so that only someone with the proper key may unlock (decrypt) it.
Different Types of Encryption?
Symmetric and asymmetric encryption are the two major types of encryption. Public key encryption is another name for asymmetric encryption.
Symmetric encryption uses a single key that is shared by all communicating parties for both encryption and decryption. Asymmetric encryption, often known as public key encryption, uses two keys: one is used for encryption and the other for decryption. The encryption key is made available to everyone (hence the name “public key”), while the decryption key is kept secret (hence the name “private key”). TLS (often still referred to as SSL) relies on asymmetric encryption.
What is an Encryption Algorithm?
An encryption algorithm is the method by which data is converted into ciphertext. The algorithm alters the data using the encryption key in a predictable fashion, so that even though the encrypted data seems random, it can be decrypted and returned to plaintext with the decryption key.
Commonly used Symmetric Encryption Algorithms include:
- AES
- 3-DES
- SNOW
Commonly used Asymmetric Encryption Algorithms include:
- RSA
- Elliptic curve cryptography
How Encryption Helps in Secure Communication
While encryption is fundamental to many different technologies, it is crucial for keeping HTTP requests and responses secure. This is accomplished through a technology known as HTTPS (Hypertext Transfer Protocol Secure). A website that uses HTTPS rather than HTTP will have a URL that starts with https:// rather than http://, which is typically indicated by a padlock icon in the address bar.
HTTPS uses the Transport Layer Security (TLS) encryption protocol. TLS has supplanted its predecessor, Secure Sockets Layer (SSL), as the industry standard. The origin server of a website that uses HTTPS will have a TLS certificate installed.
Cryptographic Key
A key is a string of characters generated at random. Encryption algorithms use the key to change data so that it is scrambled and cannot be decrypted by anyone without the key.
An algorithm for data encryption scrambles a message into an unintelligible form known as ciphertext using a (secret) key. Using a decryption key, the original message can be extracted from the ciphertext.
The encryption and decryption keys of a symmetric encryption scheme are identical. Because anyone in possession of the secret key can encrypt and decrypt data, the term “symmetric key” is frequently used.
In contrast, an asymmetric encryption method, commonly known as public-key encryption, uses two keys: one is private and is only used for decrypting ciphertexts, while the other is public and can be used to encrypt data.
Usage of Keys in SSL encryption (HTTPS)
Asymmetric encryption, commonly referred to as public key encryption, and symmetric encryption are the two types of encryption. With symmetric encryption, the same key is used by both parties to convert plaintext to ciphertext and vice versa.
Asymmetric or public key encryption uses two separate keys on either side of the conversation. One key is known as the public key, while the other is known as the private key, so named because the party that owns it never divulges it to anybody else. Data that has been encrypted with the public key can only be decrypted with the private key.
A website that uses HTTPS instead of HTTP is encrypted using the SSL (or TLS, as it is now known) protocol, which is used to secure Internet connections. A website or web application that uses TLS/SSL will have a public key and a private key.
Anyone can view the public key, which is shared publicly in the website’s SSL certificate. The private key is installed on the origin server and is never made public.
During the TLS handshake, which begins every TLS/SSL communication session, the website and the client use the public key and the private key to create new session keys. Both parties then use these session keys to encrypt their correspondence.
As a result, TLS begins with asymmetric encryption (using two keys) before switching to symmetric encryption (using one key). During a communication session, both parties share the same keys; however, when a new session begins, they jointly generate new keys.
What is a session key?
A session key is any symmetric cryptographic key used to encrypt a single communication session and nothing else. In other words, it is a temporary key, employed only once, during a single period of time, to encrypt and decrypt the data exchanged between two parties; subsequent conversations between the same two parties would be encrypted with other session keys. A session key is comparable to a password that is changed each time a user logs in.
The two communicating parties (the client and the server) in TLS (formerly known as “SSL”) produce session keys at the beginning of any communication session, during the TLS handshake. Although these keys aren’t technically referred to as “session keys” in the official TLS RFC, that’s exactly what they are in terms of functionality.
What is a session?
A session is essentially a single conversation between two parties. A network session begins when two devices acknowledge one another and establish a virtual connection. It ends when, having exchanged all the information they need, the two devices send “close_notify” signals to close the connection, much as two people texting each other end with “Talk to you later.” A session may also time out if there is no activity for a period of time, just as two people texting may simply stop exchanging messages.
A session may last for a predetermined amount of time or for as long as the two parties are in communication. In the first case the session ends once that time has elapsed; with TLS encryption, the two devices must then perform a new handshake and create new session keys to reopen the connection.
Which Encryption is Used in HTTPS
HTTPS, which combines HTTP with the TLS protocol, makes use of both varieties of cryptography (symmetric and asymmetric). A TLS handshake is the first step in every TLS communication. Asymmetric cryptography is necessary for the TLS handshake to function.
The session keys are established by the two communicating devices during the TLS handshake and are then used for symmetric encryption for the duration of the session (unless the devices agree to update their keys mid-session). The two connecting devices are typically a client, or user device, such as a laptop or smartphone, and a server, which is any web server that hosts a website.
Additionally, the client and server do the following during the TLS handshake:
- Use asymmetric cryptography to securely negotiate the cryptographic algorithms to be used.
- Verify the server’s identity using the public key contained in its TLS certificate.
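The two sections above (the use of public and private keys to establish session keys, and the handshake-then-symmetric flow of HTTPS) describe a pattern that is easier to see in code. The block below is an added example, not the article’s code and not a real TLS implementation; it uses only the Python standard library and a set of toy stand-ins that are assumptions of this example: a textbook RSA key pair with a 256-bit modulus and no padding plays the role of the server’s certificate key pair, a client-chosen pre-master secret sent under the server’s public key plays the role of the handshake’s key agreement, and HMAC-SHA256 serves both as the key-derivation function and, in counter mode with an authentication tag, as the symmetric record protection that real TLS provides with AES. Real TLS uses padded or elliptic-curve key exchange and far larger keys; the structure, asymmetric once to agree a secret, then symmetric for the session, is what the example shows.

```python
# Added example (not the article's code, not real TLS): the asymmetric-then-
# symmetric pattern of an HTTPS session in miniature, standard library only.
# Toy stand-ins: textbook RSA (256-bit modulus, no padding) for the server's
# certificate key pair; an RSA-encrypted pre-master secret for key agreement;
# HMAC-SHA256 as the KDF and, in counter mode plus a tag, as record protection.
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin test, sufficient for generating toy-sized RSA primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits=256):
    """Return ((n, e), (n, d)): the server's public and private key (toy size)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_encrypt(public, m):
    """Anyone holding the public key can encrypt (textbook RSA, no padding)."""
    n, e = public
    if not 0 < m < n:
        raise ValueError("message must be a positive integer below the modulus")
    return pow(m, e, n)

def rsa_decrypt(private, c):
    """Only the holder of the private key can decrypt."""
    n, d = private
    return pow(c, d, n)

def derive_session_key(premaster, client_random, server_random):
    """HKDF-style extract-then-expand with HMAC-SHA256, simplified to one block."""
    prk = hmac.new(client_random + server_random, premaster, hashlib.sha256).digest()
    return hmac.new(prk, b"session key\x01", hashlib.sha256).digest()

def handshake(server_public, server_private):
    """Both sides derive the session key; returns (client_copy, server_copy)."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    premaster = 1 + secrets.randbits(199)          # fresh per session, below n
    sent = rsa_encrypt(server_public, premaster)   # only the server can open this
    recovered = rsa_decrypt(server_private, sent)
    client_key = derive_session_key(premaster.to_bytes(32, "big"), client_random, server_random)
    server_key = derive_session_key(recovered.to_bytes(32, "big"), client_random, server_random)
    return client_key, server_key

def keystream(key, seq, length):
    """Counter-mode keystream: HMAC-SHA256(key, record sequence || block index)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, seq.to_bytes(8, "big") + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]

def seal(key, seq, plaintext):
    """Symmetric record protection: XOR with the keystream, then append a 32-byte tag."""
    body = bytes(p ^ s for p, s in zip(plaintext, keystream(key, seq, len(plaintext))))
    tag = hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()
    return body + tag

def open_record(key, seq, record):
    """Verify the tag before decrypting; a wrong key, wrong sequence number or tampered record is rejected."""
    body, tag = record[:-32], record[-32:]
    expected = hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record rejected: wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(body, keystream(key, seq, len(body))))

def rejects_record(key, seq, record):
    """True if open_record refuses the record under this key and sequence number."""
    try:
        open_record(key, seq, record)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    pub, priv = generate_keypair()
    client_key, server_key = handshake(pub, priv)
    assert client_key == server_key
    record = seal(client_key, 0, b"GET / HTTP/1.1")
    print(open_record(server_key, 0, record))
```

Running `handshake` twice with the same server key pair yields two different session keys, which is the per-session behaviour the article describes: the long-lived private key never encrypts application data, it only protects the one-off secret from which the session key is derived. The sequence number mixed into every record is what stops an old record from being replayed later in the session.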
Asymmetric Encryption
Asymmetric encryption, also referred to as public key cryptography or SSL cryptography, encrypts and decrypts data using two different keys. With asymmetric encryption, anyone can use the public key to encrypt a message. However, decryption keys are kept private. This way only the intended recipient can decrypt the message.
RSA is the most widely used asymmetric encryption algorithm. RSA is named after Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. Asymmetric keys are typically 1024 or 2048 bits. However, keys smaller than 2048 bits are no longer considered safe to use. A 2048-bit key is a 617-digit number, so the number of possible keys is enormous.
Although larger keys can be generated, they are rarely used because of the significant increase in computational cost. To put that into perspective, breaking a 2048-bit key by brute force would take an average computer more than 14 billion years.
Symmetric Encryption
The same key is used for both data encryption and decryption in symmetric encryption.
For symmetric encryption to function, the key must be known to the two or more communicating parties, and for it to remain safe it must be impossible for a third party to guess or steal the key.
So in this type of encryption, the same key is required for communication between the sender and the recipient. The standard symmetric key size is 128 or 256 bits; the greater the key size, the more difficult it is to decrypt. For example, a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 possible values. It is clear that breaking a 128-bit key with a “brute force” attack, which involves trying every key until the attacker finds the correct one, would take an enormous amount of time. Whether a 128-bit or 256-bit key is utilised depends on the encryption capabilities of both the server and the client software. The choice of key size is independent of TLS/SSL certificates.