12 April 2019

Here what Bob do is that he create the memo with digital certificate which uses the assymmetric
algorithm, so bob generates the public and private key and give alice the public key and keep the private
key.

Now after creating the memo Bob generate the digest by hashing is memo by using some Hash
Algorithm and encrypt his digest by some private key this encrypted digest is the digital certificate for
the memo.
Bob send both the digital certificate and the memo to the Alice , plz note that memo is not enrypted we
only focus on the digital signature

When Alice receive this memo she do the two things

1.Decrypt the Memo with the Bob Public Key ,because Bob Public key only decrypt this digest and she
get the digest

2.Run the same hash algo on the memo to check the generated value match with the value received
after decrypting the Memo if the value are same then it mean that Integrity of the message is not
altered.
Why digital certificate?

How hash function work?

14 April 2019

As we see in the previous example that Bob send the digitally signed doc to Alice encrypted with his
private key and alice use his public key to verify that it send by bob , but the drawback of this process if
there is a hacker who is listening to this comunication will intercept the bob message and drop that
message in transit and create the ne w message and send to alice pretending bob Alice will verify the
msg with that message public key which can be done

There is noo way for Alice to verify that sg was not send from the Bob end
So Alice trust the third party for the certificate that was issued to the Bob so it prevent the man in the
middle attack.
How SSL certificate works?
Lets see the example how the HTTPS works
As we know that digital signature is created by the CA private key
An my browser either chrome or firefox is installed with the many major CA’s public keys thus the
digital signature can be verified for the website

Once the Certificate’s signature is verified the digital certificate can be trusted
Green padlock signify thatweb server’s public key really belongs to the web server not someone else
now the verification is done.

Step 4 : Now is the time to exchange the secret

My browser creates one symmetric key a shared secret , it keep one and give copy to the web server

However my browser doesn’t want to send the shared secret in the plain text
Therefore it uses web server public key to encrypt the shared secret and then send to the webserver

Step 5: when the webserver gets the encrypted symmetric key it uses its private key to decrypt it

Now the webserver gets the browser shared secret key

Now from now onwards all the traffic between the client and server is encrypted and decrypted with
the same symmetric key
SSL/TLS handshake Protocol
The handshake protocol is basically used between a web client and webserver to establish trust and
then negotiatate what a secret key should be used to encrypt and decrypt the communication

with the protocol in place, an evaesdropper can only see the connections endpoints
but cannot read or modify any of the actual data.Thus, it can protect user's personal data and ensure a
safe transaction.

Many people are asking at what layer of OSI model does the protocol operate

Some people says that it's on application layer because it is just http over secure sockets layer.

Some peole says that it's on Presentation layer because encryption and decryption operate on this layer
but some argue it's on session layer because protocol provide point to point session security It is indeed
a grey area and each argument is valid.

The OSI model is not a science, but a guideline.The handshake protocol is involved with the Top three
layers of the OSI model if we use the TCP/IP model ,we can simply say that protocol belongs to
Application Layer

Here is the process how client and server uses the handshake protocol to negotiate how to securely
exchange data

Step 1 : The client sends a "Client Hello" message that lists information such as the SSL/TLS version and
the cryptographic algorithms and the Data compression methods supported by the client
Step2:The Server respond with the "Server Hello" message that contains the cryptographic algorithms
choosen by the server from the list provided by the client, the session ID.

The server also send its digital certificate and its public key

Step3:The client will contact the server's CA and verifies the server's digital certificate thus confirming
the authenticity of the web server Step3 is basically establishing the trust on the web server , once the
client trusts the web server it will take the step 4 : client Key exchange
Step 4: With this step the client sends a shared secret key to used in the following conversation .The
secret key is encrypted with the server's public key

Step5:The client sends a "finished" message which is encrypted with the secret key indicating the client
part of the handshake is complete
Step6: The server respond to the client with the "finished" message which is encrypted with the secret
key indicating the server part of the handshake is complete.

Once this handshake is done the server and client can now exchange messages that are symmetrically
encyrpted with the shared secret key