Rabi Siddique
Basics of Encryption and TLS Handshake

In this day and age, almost every app makes use of encryption. Interestingly, this wasn’t always the case. In the early days of the internet, data was transferred as plain text. This wasn’t a significant problem because very few people were using the internet, and there weren’t activities like online banking, shopping, or the myriad of other things we do today. As the internet grew, so did the need to ensure that data was encrypted. But what exactly is encryption?

What is Encryption?

Encryption is the process of converting plain text into an unreadable format known as ciphertext to prevent unauthorized access. Decryption is the reverse process, converting ciphertext back into readable plain text.

Encryption works by having the sender and receiver agree on a specific key. This key is used to both encrypt and decrypt the data. For example, let’s say I have the text Rabi and want to send it to a friend. We decide to use 2 as our secret key and keep it between ourselves. In our case, this means that we shift each letter in the text two places forward in the alphabet.

So, R becomes T (R -> S -> T), a becomes c (a -> b -> c), and so on. Applying this to the entire text, Rabi becomes Tcdk. When my friend receives Tcdk, they use the same key (2) to shift the letters back to their original positions, turning T back to R, c back to a, and so on.

PlainText:   R  a  b  i
             |  |  |  |
             V  V  V  V
CipherText:  T  c  d  k

Key: 2 (same key for both sender and receiver)

This is a very simple example and anyone intercepting the message could easily figure out the key. But it gives you an idea of how encryption works.

There are two main types of encryption: symmetric and asymmetric.

Symmetric vs. Asymmetric Encryption

  • Symmetric Encryption makes use of a single key that is used for both encryption and decryption. This means that anyone who holds the key can encrypt and decrypt messages to anyone else holding the key. This type of encryption scheme is often called shared secret encryption, or secret key encryption.

    The example we saw above, where each letter was shifted by 2, is a very simplified form of symmetric encryption. In real-world applications, much more sophisticated algorithms and keys are used. The main challenge with symmetric encryption is securely sharing the key between the sender and receiver, because if the key is intercepted during transmission, the security of the encrypted data is compromised. Some common symmetric encryption algorithms are AES (Advanced Encryption Standard), DES (Data Encryption Standard), and 3DES (Triple DES).

  • Asymmetric Encryption is a form of encryption that uses a pair of keys: a public key and a private key. The public key is used to encrypt the data, and the private key is used to decrypt it. The mathematical relationship between the public key and the private key allows the public key to encrypt messages that can only be decrypted by the private key. The public key can’t unlock anything, including messages sent by the private key. It’s a one-way process where the public key can only lock, and the private key can only unlock.

    Unlike symmetric encryption, the public key can be shared openly with anyone, while the private key remains confidential. This eliminates the need for a shared secret key and enhances security. Some common asymmetric encryption algorithms are RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).

We can conclude that symmetric encryption is faster for encrypting large amounts of data, given that it uses a single key and requires less computational power. On the other hand, asymmetric encryption provides a higher level of security for communications without the need for a shared secret key. You can read more about public-private key cryptography over here.

What is TLS and How It Uses Symmetric and Asymmetric Encryption

TLS (Transport Layer Security) is a protocol that ensures data exchanged between two computers is encrypted and secure. It encrypts data so that only those involved in the communication are able to see the transmitted data or messages. A website that implements SSL/TLS has HTTPS in its URL instead of HTTP. Let’s see how it works:

The client, such as your web browser, sends a message to the server. The message will include:

  1. TLS version supported by the client.
  2. A list of encryption methods (cipher suites) the client can use.

The server responds back with:

  1. The TLS version and cipher suite it selected from those offered by the client.
  2. An SSL certificate, which includes the server’s public key and a digital signature from a trusted Certificate Authority (CA).

The client verifies the server’s identity using the SSL certificate. Most web browsers and operating systems already have public keys from trusted CAs, allowing them to confirm that the certificate is valid and was issued by the CA.

Now that the client has the server’s public key, it generates a pre-master secret and encrypts it using the server’s public key. If the server is the legitimate owner of the certificate, it will be able to decrypt the message and retrieve the original pre-master secret. This process involves Asymmetric encryption and serves as the authentication step, where the server proves its identity to the client.

Once the server proves its identity, both the client and server have the pre-master secret. They use this pre-master secret along with some other data to create a session key. This session key is like a master secret and is then used to encrypt data for the rest of the communication. From this point onward, Symmetric encryption is used.

In the final step, the client hashes all the handshake data up to this point, encrypts it with the session key, and sends it to the server. If the server has generated the correct session key, it will be able to decrypt the message and verify the hash. The server then sends a similar message back to the client to prove it also has the correct session key.

If both the client and server successfully verify each other’s messages, the TLS handshake is complete. They can now use the session key for secure, encrypted communication.

Client                                    Server
  |                                         |
  | ------ Client Hello ------------------> |
  |                                         |
  | <----- Server Hello ------------------- |
  |        (SSL Certificate)                |
  |                                         |
  | ------ Verify Certificate (CA) -------> |
  |                                         |
  | ------ Pre-Master Secret -------------> |
  |        (Encrypted with Server's         |
  |         Public Key)                     |
  |                                         |
  | <->    Generate Master Secret       <-> |
  | <->    Generate Session Key         <-> |
  |                                         |
  | ------ Client Finished ---------------> |
  |        (Encrypted Hash of Handshake     |
  |         Messages)                       |
  |                                         |
  | <----- Server Finished ---------------- |
  |        (Encrypted Hash of Handshake     |
  |         Messages)                       |
  |                                         |
  | <->    Secure Communication         <-> |
  |        (Symmetric Encryption)           |
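
The handshake walked through above, as an added Python example (not code from the original post). It models the RSA-style key exchange this page describes, the flow used by TLS 1.2 and earlier; TLS 1.3 replaced it with ephemeral Diffie-Hellman. The toy RSA key, the HMAC-based `derive_session_key` and `finished` helpers, and the message labels are assumptions for illustration, not the real TLS key schedule.

```python
import hashlib, hmac, secrets

# Toy, unpadded RSA key pair standing in for the server certificate's key.
# Assumption: two Mersenne primes, far too small for real use, chosen only
# so the example runs with the standard library.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus (with E: the public key)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the server
N_LEN = (N.bit_length() + 7) // 8

def derive_session_key(pre_master, client_random, server_random):
    # "Pre-master secret along with some other data": here, both hello randoms.
    data = b"session key" + client_random + server_random
    return hmac.new(pre_master, data, hashlib.sha256).digest()

def finished(session_key, label, transcript):
    # HMAC stands in for "hash the handshake, then encrypt with the session key".
    digest = hashlib.sha256(transcript).digest()
    return hmac.new(session_key, label + digest, hashlib.sha256).digest()

def handshake(server_d=D):
    """Run the exchange; return True only if both Finished messages verify."""
    # Client Hello / Server Hello, reduced to the random values each side sends.
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = b"ClientHello" + client_random + b"ServerHello" + server_random

    # Client: encrypt a fresh pre-master secret with the server's public key.
    pre_master = secrets.token_bytes(16)
    encrypted = pow(int.from_bytes(pre_master, "big"), E, N)
    transcript += encrypted.to_bytes(N_LEN, "big")

    # Server: decrypt with whatever private exponent it actually holds.
    recovered = pow(encrypted, server_d, N).to_bytes(N_LEN, "big")[-16:]

    client_key = derive_session_key(pre_master, client_random, server_random)
    server_key = derive_session_key(recovered, client_random, server_random)

    # Client Finished, checked by the server with its own key.
    client_fin = finished(client_key, b"client finished", transcript)
    if not hmac.compare_digest(client_fin, finished(server_key, b"client finished", transcript)):
        return False
    # Server Finished covers the client's Finished too; checked by the client.
    transcript += client_fin
    server_fin = finished(server_key, b"server finished", transcript)
    return hmac.compare_digest(server_fin, finished(client_key, b"server finished", transcript))

if __name__ == "__main__":
    print("legitimate server:", handshake())
    print("server without the private key:", handshake(server_d=D + 2))
```

Passing a wrong private exponent models a server that presents the certificate without holding its key: it derives a different session key, the Finished check fails, and the handshake aborts.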

https://rabisiddique.com/posts/encryption/
Published at
2024-05-25