25 February 2018

HTTP Vs HTTPS

HTTP is short for Hypertext Transfer Protocol. It is used for communication between a website and a user (browser). Information going to and from the server is plain text.

HTTPS is simply the secured (S) version of the HTTP protocol. Information going to and from the server is encrypted.

How this security is assured:
How to convert a website to use HTTPS:

An SSL certificate does this job. SSL is short for Secure Sockets Layer.
One needs to buy an SSL certificate from a certificate authority (CA) and install it on the host.
All popular browsers recognize certificates from CAs.

How HTTPS works with an SSL certificate:

SSL is the protocol used to make the communication secure by encrypting the messages between the website and the user.
It uses asymmetric keys to secure the transport between browser and server.
It uses both asymmetric and symmetric encryption techniques to encrypt the messages between sender and receiver.
The server uses its private key to decrypt the message. The public key is shared with all clients.
The server sends its SSL certificate, certified by a trusted authority. It includes the public key information.
The client (browser) generates a key (the client key), encrypts the message with it, and encrypts the message again with the public key.
The server receives the message and decrypts it with its private key.
From then on, communication uses the symmetric key generated by the client, which is valid for that session. For every new session, the client generates a new symmetric key.

How asymmetric keys work:

The message is multiplied by a certain number (the public key), and the inverse of that number can be used as the private key.
Example:
If a message has been multiplied by itself 3 times, 0.33 (1/3) will be the private key and 3 is the public key.
Sender --M--> M*M*M --> M*M*M --> (M^3)^(1/3) --> M --> Receiver
Popular asymmetric encryption algorithms use different numbers with log functions to generate symmetric and asymmetric keys.
Examples:
RSA
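
The session-key exchange and the "3 and its inverse" idea described above, carried over to textbook RSA as an added example (not code from the original post). It goes beyond the toy cube-root case by doing the arithmetic modulo N; the primes, function names and the SHA-256 XOR stand-in cipher are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy primes, far too small for real use; real RSA keys are 2048+ bits.
P, Q = 1019, 1031
N = P * Q                      # public modulus
E = 3                          # public exponent: "multiply the message by itself 3 times"
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent: the inverse of 3, taken modulo PHI


def client_wrap_session_key(n, e):
    """Client: pick a fresh session key and encrypt it with the server's public key."""
    session_key = 2 + secrets.randbelow(n - 3)   # random integer in [2, n-2]
    return session_key, pow(session_key, e, n)


def server_unwrap_session_key(wrapped, d, n):
    """Server: recover the session key with the private exponent."""
    return pow(wrapped, d, n)


def symmetric_xor(session_key, data):
    """Stand-in symmetric cipher (assumption: SHA-256 counter keystream, XOR).
    The same call encrypts and decrypts. Real TLS uses AES-GCM or ChaCha20-Poly1305."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(f"{session_key}:{block}".encode()).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


def run_session(message):
    """One session: wrap the key, unwrap it, then exchange a message symmetrically."""
    key, wrapped = client_wrap_session_key(N, E)
    server_key = server_unwrap_session_key(wrapped, D, N)
    ciphertext = symmetric_xor(key, message)
    return server_key == key, symmetric_xor(server_key, ciphertext)


if __name__ == "__main__":
    print(run_session(b"GET /account HTTP/1.1"))
```

Each call to run_session generates a new session key, matching the per-session symmetric key described in the text.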