The Basic Overview
Encryption: render a message unreadable
Decryption: retrieve the original message
Symmetric key encryption: the same key is used to encrypt and decrypt the message
The strength of an encryption depends on the length of the key; the longer it takes to decrypt, the better. This also means that the encryption method is computationally secure, because it will take the attacker a very long time to crack the a message using the best existing technology.
“
Always keep in mind that what is secure now may not be secure later! So it is a good thing to constantly update the encryption.”
Key Distribution Problem
Recall that in symmetric key encryption both parties must know the key. How do both parties get the key when you want to buy something from a web site for the first time? How do you and the web site agree on a key?
Answer: public key encryption
Public Key Encryption
Idea: use a pair of keys, one public one private.
These two keys are mathematically related so that when you encrypt with one, the only way to decrypt is using the other. The version used on the web is called RSA. It is generally used to exchange a shared key or a digital signature, rather than a whole message.
Keep in mind that the message is not secret; these steps only guarantee that the message came from the sender and it has not been tampered with. Only the sender can encrypt the message with his private key, but anyone can decrypt it with the sender's public key to verify that it came from the sender.
Digital Certificates
Digital certificates bear the digital signature of Certificate Authorities (CA). CA's can be found included with a browser. The purpose of this is so that the browser can verify the legitimacy of the digital signature, hence the legitimacy of the certificate, and hence the identify of the certificate holder.
Did you know? https is based on using CA’s and certificates.
