Certificates signing & Encryption
Hi Folks,
We have all heard about the handshaking process🤝, certificates🗊🗊, data encryption🔏 and so on in our day-to-day IT work. But have you ever wondered how this actually works? Here I share my knowledge.

Certificate signing plays the major role in the handshaking process: it provides the certificates that help secure transactions and data transfers in an encrypted environment.

Where can we see a certificate, what does it look like, and what does it contain?
To answer all this:
1. Search for any website in your browser
2. Click on 'View site information' (the lock symbol 🔒, to the left of the site address)
3. Select the 'Connection is secure' option
4. There, click on 'Certificate is valid'
Following the above steps will show every detail of the certificate, such as the CN (common/alias name), organization, issuer, serial number, validity, etc. If you export the certificate, opening it requires a tool: Portecle is usually used on Windows, and Keychain Access on Mac. It is also viewable from the command prompt. But all it requires is the password to open that cert😁.
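The same fields can be read from the command line with OpenSSL. This is an added example, not part of the original post: it creates a throwaway self-signed certificate (the CN, organization and file names are constructed placeholders) so that it runs offline, then prints the subject, issuer, serial number and validity dates and checks the expiry.

```shell
# Added example (not from the original post). The CN/O values and file names
# are constructed placeholders; the certificate is self-signed and throwaway.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create a key pair and a self-signed certificate valid for 30 days.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=demo.example.test/O=Example Org" \
    -keyout "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

# Print one field: subject, issuer, serial, dates or fingerprint.
cert_field() {
  openssl x509 -in "$WORK/server.crt" -noout "-$1"
}

# Exit status 0 if the certificate is still valid N seconds from now.
valid_for() {
  openssl x509 -in "$WORK/server.crt" -noout -checkend "$1" >/dev/null
}

make_cert
for field in subject issuer serial dates; do
  cert_field "$field"
done
valid_for 86400 && echo "still valid tomorrow"
```

Because the certificate is self-signed, the subject and the issuer are the same name; on a certificate issued by a CA the issuer line names the CA instead.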
To secure messages, data and transactions we may require TLS (Transport Layer Security) or SSL (Secure Sockets Layer). TLS is the improved version, or we can say the successor, of SSL. TLS/SSL is the standard security technology that works in the background to keep online transactions and logins secure.
TLS/SSL creates a secured connection between the browser and the server the moment you visit a website👀 that uses HTTPS. This protects the end user's information 💫 and also authenticates the website's organization.
Each TLS certificate consists of a key pair made of 1. a public key and 2. a private key. These keys are important because they interact behind the scenes during website transactions.
1. Public Key Certificates:
A public key certificate provides a safe way for an object or content to pass on its public key to be used in asymmetric cryptography. In general, the public key is used to encrypt the message when sending.
A public key certificate can be thought of as the digital equivalent of a passport. It is issued by a trusted organization, or service consumer, and provides identification for the bearer. The trusted organization that issues public key certificates is known as a Certificate Authority (CA). To obtain a certificate from a CA, one must provide proof of identity. Once the CA is confident that the applicant represents the organization, the CA signs the certificate, attesting to the validity of the information contained within it.

Since we came across asymmetric cryptography, the difference is:
In symmetric-key encryption the message is encrypted with a key and the same key is used to decrypt it, which makes it easy to use but less secure.
2. Private Key Certificates:
A private key is for the safe decryption of the incoming entity or message. It also helps in encryption, preventing others from impersonating. The private key will always be unique, whereas the public key can be in any number.
For encryption, the sender of the message uses the receiver's public key certificate to encrypt the message, while the receiver of the message uses its private key to decrypt the message😒. For digital signatures, the sender of the message uses a private key certificate to sign the message, and the receiver of the message uses the public key certificate of the sender to verify the signature.
Scenario:
For example, 'Person A' is a consumer of 'Person B's service. Person B generates a private and public key certificate, stores its private key in its certificate trust store and provides the public key to consumers. Consumers (Person A) will install that certificate at their end.
This way Person B can decrypt the incoming request via SSL/TLS and allow valid incoming users to consume the required service.
A major benefit is that one private key helps in the decryption and secured data transfer for several consumers of the service.
Don't be bored, have a last look at the rest of this page😎
Here is how it works:
- Every time you visit a website, the server and the web browser communicate to ensure there is a secure TLS/SSL encrypted connection.
- When a web browser is directed to a secured website, the website server shares its TLS/SSL certificate and its public key with the client to establish a secure connection and a unique session key.
- The browser confirms that it recognizes and trusts the issuer, or Certificate Authority, and also checks that the TLS/SSL certificate is unexpired and unrevoked. After this confirmation, it sends one encrypted key (the session key) back to the server.
- The server decrypts the session key using its private key. The server then sends back an acknowledgment encrypted with the session key to start the secured connection.
- The server and browser now encrypt all transmitted data with the session key. They begin a secure session which helps in protecting message privacy, message integrity, and server security.
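The key exchange in the steps above can be replayed locally with OpenSSL. This is an added example, not part of the original post: both "browser" and "server" are shell functions, the certificate is self-signed with a placeholder CN (so the CA trust check is skipped), and all file names are assumptions.

```shell
# Added example (not from the original post); names and files are placeholders.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Server: key pair plus a self-signed certificate (stands in for a CA-issued one).
server_setup() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

# Browser: extract the public key from the received certificate, create a
# random session key and encrypt it so that only the private key can open it.
client_send_session_key() {
  openssl x509 -in "$WORK/server.crt" -noout -pubkey > "$WORK/server.pub"
  openssl rand -hex 32 > "$WORK/client_session.key"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/client_session.key" -out "$WORK/wrapped.bin"
}

# Server: decrypt the session key with its private key.
server_recover_session_key() {
  openssl pkeyutl -decrypt -inkey "$WORK/server.key" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/wrapped.bin" -out "$WORK/server_session.key"
}

# Both sides: symmetric encryption under the shared session key. openssl enc
# derives the AES key and IV from it; CBC gives confidentiality only, while
# real TLS uses authenticated ciphers.
session_encrypt() {   # args: message, key file, output file
  printf '%s' "$1" | openssl enc -aes-256-cbc -pbkdf2 -pass "file:$2" -out "$3"
}
session_decrypt() {   # args: key file, input file; prints the plaintext
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$2"
}

server_setup
client_send_session_key
server_recover_session_key
session_encrypt "acknowledged" "$WORK/server_session.key" "$WORK/ack.enc"
session_decrypt "$WORK/client_session.key" "$WORK/ack.enc"; echo
```

TLS 1.3 no longer transports the session key under the server's RSA key; it derives it with ephemeral Diffie-Hellman and uses the certificate's private key to sign the handshake instead.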
I shared the best of my knowledge😏, please comment/mail me at adityakumarj24@gmail.com if anything is left out.
Thanks.
😀