SSL encrypts data for secure communication, as you learned in the previous chapter. Be sure you have a firm grasp of SSL basics before carrying on. (The DigiCert SSL.shop website sells SSL certificates.)
SSL relies on two kinds of encryption:
- Asymmetric encryption
- Symmetric encryption
Asymmetric encryption
Encryption and decryption are performed with a pair of keys that are mathematically related (this is also called public-key encryption). One of the two keys may be handed to anyone you communicate with; this is the public key. The other key in the pair is kept secret and is called the private key.
A key is a mathematical value that encrypts or decrypts data using an algorithm.
Data exchanged between two parties is encrypted and decrypted with these cryptographic keys: encryption is performed with the recipient's public key, and decryption with the matching private key of the same pair.
Asymmetric encryption is used at the start of the SSL handshake to set up the communication. RSA, DSA, ElGamal, and elliptic-curve algorithms are examples of asymmetric key algorithms.
Symmetric encryption
With symmetric cryptography, a single key is used both to encrypt and to decrypt data. The sender and the recipient should be the only two parties who know that key.
According to the figure above, the DigiCert SSL handshake between the browser and the web server (or any other system) consists of two phases: the handshake itself and the encrypted data transfer that follows it.
The SSL handshake
The SSL handshake is always the first step of an SSL session; no data can be transferred until it has completed. The handshake uses asymmetric encryption to verify the identity of the web server and to obtain its public key.
The following example shows what an SSL handshake looks like, step by step:
- The client sends a "client hello" message. It tells the server which SSL version the client supports, its cipher settings, and session-specific data that the server needs in order to decide how to communicate with this client.
- The server answers with a "server hello". Among the data it sends are its public key (inside its certificate), the cipher settings it has chosen, and other session information.
- The client verifies the server's SSL certificate, which was issued by a Certificate Authority (CA). Without a valid certificate the client cannot open an SSL connection; once the certificate checks out, the handshake proceeds to the next step.
- The client creates a session key, encrypts it with the server's public key, and sends it to the server. If the server requests client authentication (typically when one server reaches out to another), the client also sends its own certificate.
- The server decrypts the session key with its private key and uses that session key to encrypt an acknowledgment, which it sends back to the client.
Once the handshake is complete, every data packet exchanged between the client and the server is encrypted and decrypted with the session key. From this point on neither the public key nor the private key is needed.
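The handshake described above, as an added example that is not part of the original page: a toy textbook RSA with small primes stands in for the server's key pair, and a SHA-256 counter-mode keystream stands in for the symmetric cipher. Both are illustrative stand-ins chosen to keep the example self-contained, and the certificate check of step 3 is left out; the point is that the public/private pair is used only to transport the session key, after which only the session key is needed.

```python
import hashlib
import os
from math import gcd

# Toy textbook RSA with small primes (assumption: illustrative only; real SSL
# uses 2048-bit-or-larger keys, padding, and certificate validation).
def make_keypair(p=10007, q=10009, e=65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)          # private exponent
    return (e, n), (d, n)        # (public key, private key)

def rsa_encrypt(pub, m):         # anyone holding the public key can do this
    e, n = pub
    return pow(m, e, n)

def rsa_decrypt(priv, c):        # only the private-key holder can do this
    d, n = priv
    return pow(c, d, n)

# Symmetric step: one shared session key; the keystream is SHA-256 over
# key || counter (an illustrative stand-in for a real cipher such as AES).
def keystream(session_key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def sym_crypt(session_key: bytes, data: bytes) -> bytes:
    # XOR with the keystream: the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))

def handshake_and_transfer(message: bytes):
    # Steps 1-2: client hello / server hello; the server hands over its public key.
    server_pub, server_priv = make_keypair()
    # Step 4: the client creates a session key and encrypts it with the public key.
    session_key = os.urandom(3)  # 3 bytes so the integer stays below n (toy size)
    encrypted_key = rsa_encrypt(server_pub, int.from_bytes(session_key, "big"))
    # Step 5: the server recovers the session key with its private key.
    recovered = rsa_decrypt(server_priv, encrypted_key).to_bytes(3, "big")
    # Data transfer: only the symmetric session key is used from here on.
    ciphertext = sym_crypt(session_key, message)
    plaintext = sym_crypt(recovered, ciphertext)
    return recovered == session_key, plaintext
```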