What happens when you search for a kitten (on the Internet). Part 3: TLS or how to protect your secrets

When you use HTTPS the data send over the internet is encrypted
In symmetric encryption we use the same key to encrypt and decrypt data
In asymmetric encryption we need separate keys to encrypt and decrypt data
  1. If you can decrypt data with key B, it must have been encrypted with key A.
  2. Data encrypted with key A can only be decrypted by those who have key B.
  1. Which TLS protocol to use? For example, TLS 1.3, TLS 1.2, TLS 1.1.
  2. Which key exchange algorithm to use? Here are some of the options: RSA, DH, ECDH, DHE, ECDHE, PSK.
  3. Which authentication algorithm to use to ensure that we talk to the correct server and not to a malicious impersonator? For example RSA, ECDSA, DSA
  4. Which encryption cipher to use? This will be the algorithm for encrypting the actual data sent between the server and client. We can use, for example, AES, CHACHA20, Camellia or ARIA
  5. Which hash/MAC function to use? We can choose SHA-256 or POLY1305
https://www.ssllabs.com/ssltest/analyze.html?d=www.petfinder.com&s=54.174.7.59

Step 1. Hello

  • Maximum TLS version supported by the client
  • Some random number
  • List of supported cipher suites (or protocols and algorithms which the client can work with)
  • Chosen TLS version and cipher suite
  • Random number
  • Server’s certificate, which contains its public key
  • Server key exchange message including a digital signature which is signed with the server’s private key. This will be used as proof that the message is indeed from the server we intended to talk to.
  • Hello done message

Step 2 Authenticating and partial creation of a symmetric key

  • Change cipher spec, indicating that it started using cipher suite according to server instructions
  • Client key exchange, containing encrypted pre-master key
  • List of all messages exchanged before. This will be used to make sure that no one has intercepted and modified communication between the client and the server.

Step 3. Creating an asymmetric encryption key

  • Inform about changing cipher spec, to indicate that from now on the symmetric encryption key will be used.
  • Encrypted finish message containing the whole conversation between the client and the server to ensure that there was no data manipulations during data transmission.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Olena Kutsenko

Olena Kutsenko

Software engineer, who is passionate about agility and sustainable software development achieved through simplicity, technical excellence and good design.