Encryption Protocols & Digital Certificates

Encryption Protocols

Methods that secure communication over the internet by allowing parties to identify, verify, and communicate confidentially.

SSL/TLS Connection

A secure connection initiated between a client and server, beginning with a handshake.

Digital Certificate

A certificate issued by a Certificate Authority that verifies an organization’s identity and includes their public key.

Public Key

A cryptographic key that can be shared publicly and is used to encrypt messages that only the corresponding private key can decrypt.

Certificate Authority (CA)

An entity that issues digital certificates and verifies the identities of organizations.

Digital Signature

A hashed message, encrypted with the sender's private key, that verifies the authenticity and integrity of the message.

Hashing Algorithm

A function that converts input data into a fixed-length string, creating a digest for integrity verification.

Symmetric Session Keys

Keys used for encrypting data during the session established after an SSL/TLS handshake.

Handshake

The initial process where two parties establish a secure connection, exchanging information to confirm identities.

Use Cases of Encryption Protocols

Scenarios like transmitting passwords, session cookies, and conducting online shopping or banking securely.

How does an SSL/TLS connection work during initiation?

An SSL/TLS connection is initiated when a client contacts a server, starting with a handshake. The server sends its digital certificate and public key for the client to confirm its identity. They then agree on an encryption algorithm and generate symmetric session keys.

What is a Digital Signature process and verification method?

A digital signature is created by hashing a message to produce a digest, which is then encrypted with the sender's private key. Upon receipt, the message and digital signature are decrypted with the receiver's private key, and the digital signature is decrypted with the sender's public key. The decrypted message is hashed again to produce a new digest. If the new digest matches the original, the message integrity is confirmed.