All about SSL Cryptography

Everything You Want to Know about the Cryptography behind SSL Encryption


SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client (for example, Outlook). It allows sensitive data such as credit card numbers, social security numbers, and login credentials to be transmitted securely. To establish this secure connection, the browser and the server need an SSL Certificate. Strictly speaking, SSL has been superseded by TLS (Transport Layer Security); the name SSL survives in everyday use and in the term "SSL Certificate", and the mechanisms described here apply to both.
But how is this accomplished? How is data encrypted so that no one, including the world's biggest supercomputers, can crack it?
This article explains the technology at work behind the scenes of SSL encryption. It covers asymmetric and symmetric keys and how they work together to create an SSL-encrypted connection. It also covers the different types of algorithm that are used to create these keys, including the mathematical problems that make them practically impossible to crack.

Asymmetric Encryption

Asymmetric encryption (or public-key cryptography) uses a separate key for encryption and decryption. Anyone can use the encryption key (public key) to encrypt a message. However, decryption keys (private keys) are secret, so only the intended recipient can decrypt the message. The most common asymmetric encryption algorithm is RSA; the algorithms are discussed later in this article.
Asymmetric encryption diagram
Asymmetric keys are typically 1024 or 2048 bits. However, keys smaller than 2048 bits are no longer considered safe to use. 2048-bit keys have enough unique encryption codes that we won't write out the number here (it's 617 digits). Though larger keys can be created, the increased computational burden is significant enough that keys larger than 2048 bits are rarely used. To put it in perspective, the figure usually quoted is that an average computer would need more than 14 billion years to crack a 2048-bit key.

Symmetric Encryption

Symmetric encryption (or pre-shared key encryption) uses a single key to both encrypt and decrypt data. Both the sender and the recipient need the same key to communicate.
Symmetric encryption diagram
Symmetric key sizes are typically 128 or 256 bits; the larger the key size, the harder the key is to crack. For example, a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 (that is, 2^128) possible values. As you can imagine, a 'brute force' attack (in which an attacker tries every possible key until they find the right one) would take quite a bit of time to break a 128-bit key.
Whether a 128-bit or 256-bit key is used depends on the encryption capabilities of both the server and the client software, which negotiate a cipher suite at the start of the connection. SSL Certificates do not dictate what symmetric key size is used.

Which Is Stronger?

Asymmetric keys are much larger than symmetric keys, but that does not make asymmetrically encrypted data harder to crack: key lengths are not comparable across algorithm families, because the best attacks against them differ. A 2048-bit RSA key is generally rated at about 112 bits of security, slightly below a 128-bit AES key. Rather than being compared by size, the two kinds of key should be compared on two properties: computational load and ease of distribution.
Symmetric keys are smaller than asymmetric ones, and symmetric operations require far less computation. However, symmetric keys also have a major disadvantage, especially when used to secure data transfers. Because the same key is used for encryption and decryption, both you and the recipient need the key. If you can walk over and tell your recipient the key, this isn't a huge deal. However, if you have to send the key to a user halfway around the world (a more likely scenario), you need to worry about the key's security in transit.
Asymmetric encryption doesn't have this problem. As long as you keep your private key secret, no one can decrypt your messages. You can distribute the corresponding public key without worrying who gets it. Anyone who has the public key can encrypt data, but only the holder of the private key can decrypt it.

How SSL Uses both Asymmetric and Symmetric Encryption

Public Key Infrastructure (PKI) is the set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. PKI is also what binds keys to user identities by means of a Certificate Authority (CA). PKI uses a hybrid cryptosystem and benefits from both types of encryption. For example, in SSL communications the server's SSL Certificate carries the public half of an asymmetric key pair; the matching private key never leaves the server. The session key that the server and the browser agree on during the SSL Handshake is symmetric. This is explained further in the steps below.

Browser Server Communication

  1. Server sends a copy of its asymmetric public key (in its certificate).
  2. Browser creates a random symmetric session key, encrypts it with the server's asymmetric public key, and sends the result to the server.
  3. Server decrypts the encrypted session key using its asymmetric private key to recover the symmetric session key.
  4. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This gives a secure channel because only the browser and the server know the session key, and it is used only for that session: if the browser connects to the same server the next day, a new session key is created. (This is the RSA key-exchange method of SSL and TLS up to version 1.2. Current deployments prefer an ephemeral Diffie-Hellman exchange in which the certificate's key only signs the handshake, so that a later compromise of the server's private key does not expose recorded sessions; TLS 1.3 removed RSA key transport altogether.)
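The four steps above, as an added example that is not part of the original article: a Python sketch using only the standard library. Textbook RSA at a toy 512-bit size with no padding stands in for the certificate's key, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for AES, since the standard library ships no block cipher. The function names, key sizes and the sample message are this example's own assumptions, not the wire format of TLS.

```python
"""Hybrid key exchange: RSA wraps a symmetric session key (stdlib only).

Added example. Textbook RSA (toy 512-bit modulus, no padding) plays the
certificate key; a keyed-hash stream cipher plays AES. Not TLS's encoding.
"""
import hashlib
import hmac
import math
import secrets


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test; false-positive rate <= 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512, e=65537):
    """Return ((n, e), (n, d)). Toy size: real keys are 2048 bits or more."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(public, m):
    """Textbook RSA: no padding, so only ever used here on a random key."""
    n, e = public
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(private, c):
    n, d = private
    return pow(c, d, n)


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key, plaintext):
    """Return nonce || ciphertext || tag (encrypt-then-MAC, separate subkeys)."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key, blob):
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def handshake(message=b"GET / HTTP/1.1"):
    """Run steps 1-4; return (server recovered the same key?, round-tripped message)."""
    public, private = rsa_keygen()                       # 1. server publishes public key
    session_key = secrets.token_bytes(32)                # 2. browser picks a fresh key...
    wrapped = rsa_encrypt(public, int.from_bytes(session_key, "big"))  # ...and wraps it
    server_key = rsa_decrypt(private, wrapped).to_bytes(32, "big")     # 3. server unwraps
    record = sym_encrypt(session_key, message)           # 4. bulk data under the session key
    return server_key == session_key, sym_decrypt(server_key, record)


if __name__ == "__main__":
    print(handshake())
```

Because the RSA step here has no padding, it is safe only because the wrapped value is a fresh random key; real implementations use RSA-OAEP (or PKCS#1 v1.5 in older TLS), and a new session key is drawn for every connection, exactly as step 4 describes.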

Public-Key Encryption Algorithms

Public-key cryptography (asymmetric) uses algorithms like RSA and Elliptic Curve Cryptography (ECC) to create the public and private keys. These algorithms are based on the intractability* of certain mathematical problems.
With asymmetric encryption it is computationally easy to generate public and private keys, encrypt messages with the public key, and decrypt messages with the private key. However, it is extremely difficult (in practice, infeasible) for anyone to derive the private key from the public key alone.


RSA is based on the assumed difficulty of factoring large integers (integer factorization). Full decryption of an RSA ciphertext is thought to be infeasible on the assumption that no efficient algorithm exists for integer factorization.
A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value (the public exponent), as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but only someone with knowledge of the prime factors can feasibly decrypt it.
RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman, the men who first publicly described the algorithm in 1977.
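To make the factoring dependence concrete, here is an added example (not from the original article) that breaks a deliberately tiny RSA key: the public key is the textbook pair n = 3233 = 61 × 53, e = 17. Trial division recovers the primes, the primes give φ(n), and φ(n) gives the private exponent d. The function names are this example's own.

```python
"""Added example: RSA's private key falls out of the factors of n.

Toy public key (n, e) = (3233, 17), n = 61 * 53. Unsafe by many orders of
magnitude; used only to show that factoring n is all an attacker needs.
"""
import math


def rsa_private_exponent(p, q, e):
    """d = e^-1 mod phi(n); requires the secret primes p and q."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return pow(e, -1, phi)


def factor_by_trial_division(n):
    """Return (p, q) with p * q == n, or None if n is prime.

    Work grows as sqrt(n): every two extra bits in n double the effort,
    which is why a 2048-bit modulus is out of reach for this approach.
    """
    if n % 2 == 0:
        return (2, n // 2)
    f = 3
    while f * f <= n:
        if n % f == 0:
            return (f, n // f)
        f += 2
    return None


def break_rsa(n, e, ciphertext):
    """Recover the plaintext from the public key and ciphertext alone."""
    factors = factor_by_trial_division(n)
    if factors is None:
        raise ValueError("modulus has no non-trivial factors")
    p, q = factors
    d = rsa_private_exponent(p, q, e)
    return pow(ciphertext, d, n)


PUBLIC = (3233, 17)


def demo(m=65):
    """Encrypt m with the public key (anyone can), then break it by factoring."""
    n, e = PUBLIC
    c = pow(m, e, n)
    return c, break_rsa(n, e, c)


if __name__ == "__main__":
    print(demo())  # (2790, 65)
```

Real keys are broken, when they are broken at all, by far better algorithms than trial division (the number field sieve for RSA), but the picture is the same: security rests entirely on the factors of n staying unknown.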


Elliptic curve cryptography (ECC) relies on the algebraic structure of elliptic curves over finite fields. It is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible.
The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985; ECC algorithms entered common use in 2004.

The advantage of ECC over RSA is that the key can be much smaller for the same level of security (a 256-bit ECC key is generally rated as comparable to a 3072-bit RSA key), which means less data on the wire and faster operations. The disadvantage is that not all services and applications interoperate with ECC-based SSL Certificates.
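The following is an added example, not part of the original article, showing the group structure ECC is built on. It uses the textbook toy curve y² = x³ + 2x + 2 over the field of integers mod 17, whose base point G = (5, 1) generates a cyclic group of 19 points. Multiplying G by a scalar k (the private key) takes a handful of doublings and additions; recovering k from k·G (the discrete logarithm) is done here by brute force, which only works because the group is tiny. Function names and the curve choice are this example's own.

```python
"""Added example: toy elliptic-curve arithmetic and the discrete log problem.

Curve: y^2 = x^3 + 2x + 2 over F_17, base point G = (5, 1), group order 19.
Real curves such as P-256 use a 256-bit prime field and a group of ~2^256
points, so the brute-force search below becomes impossible.
"""
P, A, B = 17, 2, 2          # field prime and curve coefficients
G = (5, 1)                   # public base point
ORDER = 19                   # number of points, including the identity
INF = None                   # point at infinity (group identity)


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Chord-and-tangent addition law over F_P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # p2 is the inverse of p1
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P      # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P             # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add: k * pt in O(log k) group operations (the easy direction)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdlp_brute_force(q, base=G, order=ORDER):
    """Find k with k * base == q by trying every k (the hard direction).

    Cost is proportional to the group order; for a real curve that is ~2^256.
    """
    cur = INF
    for k in range(order):
        if cur == q:
            return k
        cur = point_add(cur, base)
    return None


if __name__ == "__main__":
    private_key = 7
    public_key = scalar_mult(private_key, G)
    print(public_key, ecdlp_brute_force(public_key))  # (0, 6) 7
```

Note that the private key is just the integer k and the public key is the point k·G, which is why ECC public keys are so compact compared with an RSA modulus of equivalent strength.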

Pre-Shared Key Encryption Algorithms

Pre-shared key encryption (symmetric) uses algorithms like Twofish, AES, or Blowfish, with AES currently the most popular. All of these encryption algorithms fall into two types: stream ciphers and block ciphers. Stream ciphers apply a cryptographic key and algorithm to each binary digit in a data stream, one bit at a time. Block ciphers apply a cryptographic key and algorithm to a block of data (for example, 64 consecutive bits; AES uses 128-bit blocks) as a group, and need a mode of operation to handle messages longer than one block; TLS today uses authenticated modes such as AES-GCM. Block ciphers are currently the most common symmetric encryption algorithms.
*Note: Problems that can be solved in theory (for example, given infinite time), but which in practice take too long for their solutions to be useful, are known as intractable problems.
