Cryptography is a broad topic that deals with secure communication. Since ancient times people have tried to find secure methods of transferring data between two parties. The internet was initially used mainly as a resource-sharing entity, but later people began to use it for many purposes where they have to transmit sensitive data. That brings the requirement to encrypt data before communicating it to the other party. In computer science we find two types of encryption methods:
- Symmetric-Key Encryption
- Asymmetric-Key Encryption
In this article I focus more on Asymmetric-Key Encryption and its use-cases.
Symmetric-Key Encryption
This is the encryption method that uses a single key to both encrypt and decrypt a message. To achieve this, the two parties must first obtain the same key, and sharing that key securely is the problem with this method. On the other hand, this method is considered to be faster.
Asymmetric-Key Encryption
This encryption method uses two keys, called the Private Key and the Public Key, which are generated at the same time. The keys are generated in such a way that a message encrypted with the public key can be decrypted with the private key, and vice versa. Since this two-key method eliminates the key-sharing problem, plenty of protocols are built on this concept. On the other hand, this type of encryption is slow. Therefore, many protocols use asymmetric-key encryption to establish a secure channel and symmetric-key encryption for data transmission.
In this article, I discuss SSH (Secure Shell) and SSL (Secure Sockets Layer) as use-cases of asymmetric-key encryption.
Secure Shell (SSH)
This protocol is used to establish a connection with remote servers. In a Linux environment the ssh-keygen tool can be used to generate the private and public keys.
ssh-keygen -t rsa -b 4096
The above command generates a pair of keys using the RSA algorithm with a key size of 4096 bits. By default, the public key generated by this command has .pub appended to the private key's file name. Then you need to put the content of the public key in the authorized_keys file on the server (~/.ssh/). After that, issue the following command to connect to the server.
ssh -i path_to_private_key_file user@hostname
After this command the server provides its public key to the client and the secure client-server channel is initiated. In that initial phase the client and server encrypt messages using the receiver's public key, so that only the receiver can decrypt them. Once the initial steps are complete, symmetric-key encryption is used for data transmission.
Secure Sockets Layer (SSL)
SSL (later versions are termed TLS, Transport Layer Security) provides security for HTTP, the most widely used protocol. In this case, the hosting server generates its key and certificate request with openssl.
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
In the above command, domain.key is the private key and domain.csr is the certificate request, which contains the public key and the hosting party's other information. Once the certificate request is submitted to a Certificate Authority (CA), the authority provides an SSL certificate to install on the server. Without a CA you can install a self-signed certificate, but when accessing the site through a web browser you will get a warning.
When a client (e.g. a web browser) tries to access a server with an SSL certificate installed, a connection-initiation process called the SSL handshake takes place. The steps of the SSL handshake are as follows:
- The client sends a request to the server, a.k.a. the “Client Hello” message.
- The server responds to the client with a “Server Hello” message, which contains the server's copy of the SSL certificate.
- The client uses the CA public keys it already has to verify the SSL certificate it received.
- The client extracts the server's public key and starts the shared-key exchange.
- Once the secured channel is initiated, the server and client send the Finished message.
At the end of the handshake, the client and server have a shared key which they can use to encrypt messages.
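The following is an added example, not code from the original article, that walks through the asymmetric-key ideas above and the handshake steps just listed: a CA signs the server's public key with its private key (the certificate), the client verifies that signature with the CA's public key, and the client then sends a fresh session key encrypted under the server's public key, which only the server's private key can recover. It uses textbook RSA without padding and a toy certificate format (assumptions for illustration), with keys generated by the script itself rather than by ssh-keygen or openssl.

```python
import hashlib, hmac, math, secrets
# Textbook RSA without padding and a toy certificate: illustration only, not real TLS.

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if is_probable_prime(p):
            return p

def keygen(bits=512, e=65537):
    """Generate the public key (n, e) and private key (n, d) together."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def fingerprint(pub):
    return int.from_bytes(hashlib.sha256(repr(pub).encode()).digest(), "big")
def issue_certificate(ca_priv, server_pub):
    """CA signs the server's public key with the CA private key (toy certificate)."""
    return server_pub, pow(fingerprint(server_pub), ca_priv[1], ca_priv[0])

def handshake(ca_pub, cert, server_priv):
    """Client verifies the certificate with the CA public key, then transports a session key."""
    server_pub, sig = cert
    if pow(sig, ca_pub[1], ca_pub[0]) != fingerprint(server_pub):
        raise ValueError("certificate not signed by the trusted CA")
    session = secrets.token_bytes(32)  # 256-bit symmetric key, smaller than n
    wrapped = pow(int.from_bytes(session, "big"), server_pub[1], server_pub[0])
    server_session = pow(wrapped, server_priv[1], server_priv[0]).to_bytes(32, "big")
    return hmac.compare_digest(session, server_session), session  # Finished check
```

The returned flag plays the role of the Finished message: both sides end up holding the same symmetric key, which then carries the bulk data as described in the article.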
Through this article I discussed some concepts used in computer cryptography and some frequently occurring scenarios. To get a better understanding of the concepts and examples, please go through the references section.
- Wikipedia, Public-Key Cryptography: https://en.wikipedia.org/wiki/Public-key_cryptography
- SSH-Keygen command: https://www.ssh.com/ssh/keygen/
- SSH Protocol: https://www.ssh.com/ssh/protocol/
- SSL Certificate and how it works: https://www.digicert.com/ssl/
- Connect to a server using SSH: https://support.rackspace.com/how-to/connecting-to-a-server-using-ssh-on-linux-or-mac-os/
- Understanding SSL and connection process: https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
- HTTP vs HTTPS: https://www.instantssl.com/ssl-certificate-products/https.html