Show awareness of the Secure Socket Layer (SSL)/Transport Layer Security (TLS)
17.1 Encryption, Encryption Protocols and Digital Certificates
What is Encryption? 🔒
Encryption is like putting your secret diary in a lockbox. The lockbox (cipher) hides the diary’s contents (plain text) so that only someone with the right key can open it and read the message. In computing, we use mathematical algorithms to transform data into an unreadable form called ciphertext.
Symmetric vs. Asymmetric Encryption ⚔️
| Type | Key(s) | Speed | Use Case |
|---|---|---|---|
| Symmetric | One secret key for both encryption & decryption | Fast | Bulk data transfer, file encryption |
| Asymmetric | Public key (anyone can use) & private key (only owner) | Slower | Key exchange, digital signatures |
Digital Certificates 📜
A digital certificate is like a passport for a website. It proves that the website is who it says it is and that it has a valid public key. The certificate is issued by a trusted Certificate Authority (CA) and contains:
- Website’s public key
- Owner’s identity (domain name, organisation)
- Validity period (start & end dates)
- CA’s digital signature (to verify authenticity)
SSL/TLS: The Secure Web Connection 🌐🛡️
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols that create a secure channel over the internet. They combine symmetric and asymmetric encryption, digital certificates, and hashing to keep data private and tamper‑proof.
TLS Handshake Steps
| Step | What Happens |
|---|---|
| 1. Client Hello | Client sends supported TLS versions & cipher suites. |
| 2. Server Hello | Server picks TLS version & cipher, sends its certificate. |
| 3. Key Exchange | Client generates a pre‑master secret, encrypts it with the server’s public key, and sends it. |
| 4. Master Secret | Both sides derive the same master secret from the pre‑master secret. |
| 5. Session Keys | Master secret is used to generate symmetric session keys. |
| 6. Finished Messages | Both sides send a hash of all handshake messages to confirm integrity. |
| 7. Encrypted Data Transfer | All subsequent data is encrypted with the session keys. |
Why SSL/TLS Matters 🚀
- 🔐 Confidentiality – data cannot be read by eavesdroppers.
- 🛡️ Integrity – ensures data hasn’t been altered in transit.
- ?? Authentication – verifies that you’re talking to the real website.
- 💬 Privacy – protects personal information like passwords and credit card numbers.
Quick Recap: Key Points 📚
- Encryption hides data; decryption reveals it.
- Symmetric uses one key; asymmetric uses a key pair.
- Digital certificates prove identity and bind a public key to a domain.
- SSL/TLS uses a handshake to agree on keys, then encrypts all traffic.
- HTTPS (HTTP over TLS) is the standard for secure web browsing.
Fun Fact 🤓
The first version of SSL was released in 1995 by Netscape. It was called SSL 1.0 but was never released publicly because it had serious security flaws. The first public version was SSL 2.0, and TLS 1.0 (the successor) was published in 1999. Today, TLS 1.3 is the most secure and efficient version in use.
Your Turn: Identify the Encryption Type 🔍
Read the following scenarios and decide whether symmetric or asymmetric encryption is being used. Write your answer in the margin!
- A company encrypts a large database file before sending it to a partner.
- A user sends a secure email to a friend using PGP.
- A website uses HTTPS to protect users’ login credentials.
Answer Key:
- Symmetric (fast for large data)
- Asymmetric (PGP uses public/private keys)
- Both – TLS handshake uses asymmetric to exchange a symmetric session key.
Revision
Log in to practice.