How HTTPS works.
Hypertext Transfer Protocol Secure(HTTPS) is an extension of HTTP that utilizes Transport Layer to encrypt communication between a client and a server. Any intercepted data will be unreadable and secure from tampering and eavesdropping.
Below is the process of encrypting and decrypting data.
The Journey begins with the client, this can be the browser establishing a TCP connection with the server.
Next comes the “Client hello” where the browser sends a message containing supported cipher suites and the highest TLS version it can handle. Cipher suites are sets of algorithms that typically include: a key exchange method to share keys between devices, a bulk encryption algorithm to encrypt data, and a message authentication code algorithm to check data integrity.The server responds with a “Server hello”, confirming that the Chosen Cipher suite and TLS version that they both can understand. The server then sends a TLS certificate to the client, it’s domain name, certificate authority signature, and the server’s public key. The client checks this certificate to validate it is trusted and belongs to the server.
Once the TLS certificate is validated, the client creates a session key to be used for encrypting the bulk data transfer. Bulk data transfer refers to the transmission of the actual application data between Client and Server once the secure TLS Connection is established. To securely send this session key to the server, it’s encrypted with the server’s public key. The server, with its private key, is the only one who can decrypt this encrypted session key.
Now that both parties have the secret session key, they shift gears to symmetric encryption. Its like they’ve agreed on a private language that only they can understand. This makes the data transfer very secure. Symmetric encryption is much faster for large amounts of data.
It is that simple and straightforward.
Thank you and see you in the next one.