Basics of Transport Layer Security (TLS)

What is TLS?
TLS (Transport Layer Security) is the cryptographic protocol that protects data in transit. It keeps traffic between a client (a browser or app) and a server confidential, makes tampering detectable, and lets the client verify that it is talking to the server it intended to reach rather than to an impostor.

How does it work?
TLS combines two kinds of cryptography: symmetric and asymmetric. Symmetric ciphers are fast, so they protect the bulk of the data. Asymmetric (public-key) cryptography is slower but solves two problems symmetric ciphers cannot: agreeing on a secret key with a server you have never met, and proving that server's identity. Used together, the two give both speed and security.

What is symmetric encryption?

Symmetric encryption uses a single key for both encrypting and decrypting. The client encrypts its data with the key and sends the ciphertext over the network; the server can only read it if it holds the very same key. The weakness is not the cipher but key distribution: if the client simply sends the key over the same network as the data, anyone who can intercept the traffic (an attacker on the path, a compromised router, a malicious Wi-Fi hotspot) captures both the key and the ciphertext and can decrypt everything. Symmetric encryption is fast, but on its own it offers no safe way to get the key to the other side.

What is asymmetric encryption?
Asymmetric cryptography uses two mathematically linked keys: a public key and a private key. The public key acts like a locked drop box that anyone can use to deposit a message, but only the recipient's private key can open it. Because it is computationally infeasible to derive the private key from the public key, the public key can be published freely, and only the holder of the private key can decrypt what was encrypted to it.

When the client connects, the server sends its public key (in practice, inside its certificate; more on that below). The client generates a fresh random session key for symmetric encryption, encrypts that session key with the server's public key, and sends the result. Only the server's private key can recover the session key, and the private key never leaves the server. Both sides now share the session key: the client encrypts its data with it and the server decrypts with the same key. An attacker who intercepts the traffic sees the server's public key, the encrypted session key and the encrypted data, but without the private key cannot recover the session key and therefore cannot read the data. This is the RSA key-transport scheme used by older TLS versions; TLS 1.3 instead derives the session key through an ephemeral Diffie-Hellman exchange, so that a later theft of the server's private key does not expose recorded sessions. The principle is unchanged: asymmetric cryptography establishes the shared secret, and symmetric cryptography protects the bulk of the data.
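To make the two halves concrete, here is an added example (not code from the original post) that plays both sides of the exchange just described in Go, using only the standard library: the server's RSA key pair, the client's random session key wrapped with RSA-OAEP, and AES-256-GCM for the data. The sample message, the 2048-bit RSA modulus and the 256-bit session key are assumptions of the example. Real TLS 1.3 no longer transports the session key this way (it uses ephemeral Diffie-Hellman), but the division of labour between the two kinds of cryptography is the same.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Symmetric half: AES-256-GCM. One key both encrypts and decrypts, and the GCM tag makes any
// change to the ciphertext detectable. The nonce travels in the clear and must never repeat per key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func encryptAEAD(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...), nil
}

func decryptAEAD(key, ciphertext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < aead.NonceSize() {
		return nil, io.ErrUnexpectedEOF
	}
	nonce, body := ciphertext[:aead.NonceSize()], ciphertext[aead.NonceSize():]
	return aead.Open(nil, nonce, body, nil) // fails on a wrong key or a modified message
}

// Asymmetric half: RSA-OAEP. Anyone can wrap a key under the public key; only the private key unwraps it.
func wrapSessionKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
}

func unwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
}

// Exchange: what the wire shows (WrappedKey, Ciphertext), the secret it must not reveal (SessionKey), and the server's result.
type Exchange struct {
	SessionKey, WrappedKey, Ciphertext, ServerPlaintext []byte
}

// RunExchange plays both sides: the server publishes its public key; the client picks a random 256-bit
// session key, wraps it under that key and encrypts the message with it; the server unwraps and decrypts.
func RunExchange(message []byte) (ex Exchange, err error) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048) // never leaves the server
	if err != nil {
		return ex, err
	}
	ex.SessionKey = make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, ex.SessionKey); err != nil {
		return ex, err
	}
	if ex.WrappedKey, err = wrapSessionKey(&serverPriv.PublicKey, ex.SessionKey); err != nil {
		return ex, err
	}
	if ex.Ciphertext, err = encryptAEAD(ex.SessionKey, message); err != nil {
		return ex, err
	}
	recoveredKey, err := unwrapSessionKey(serverPriv, ex.WrappedKey)
	if err != nil {
		return ex, err
	}
	ex.ServerPlaintext, err = decryptAEAD(recoveredKey, ex.Ciphertext)
	return ex, err
}

// TamperIsDetected flips one bit of the ciphertext in transit; the receiver must reject it.
func TamperIsDetected(ex Exchange) bool {
	altered := append([]byte(nil), ex.Ciphertext...)
	altered[len(altered)-1] ^= 0x01
	_, err := decryptAEAD(ex.SessionKey, altered)
	return err != nil
}

func main() {
	ex, err := RunExchange([]byte("GET /account HTTP/1.1")) // constructed sample request line
	if err != nil {
		panic(err)
	}
	fmt.Printf("server got %q; tamper detected: %v\n", ex.ServerPlaintext, TamperIsDetected(ex))
}
```

Run it with `go run`. Note what an observer on the wire gets: the public key, the wrapped session key and the ciphertext, none of which yields the plaintext without the server's private key. The tamper check is why TLS pairs encryption with integrity protection: a flipped bit is rejected outright rather than silently decrypted into garbage the application might act on.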

Now you might wonder: how can the client be sure that the public key it received really belongs to the server it meant to reach? What if an attacker sitting between client and server hands over their own public key instead, decrypts the traffic, and forwards it on? Encryption alone does not stop this. This is where a Certificate Authority (CA) comes in.

What is a Certificate Authority (CA)?
A Certificate Authority (CA) is a trusted third party that issues digital certificates to websites. A certificate binds a domain name to a public key and carries the CA's digital signature over that binding. Browsers and operating systems ship with a store of trusted root CA certificates. When you visit a website, your browser checks that the certificate the server presents chains to one of those roots, that it is within its validity period and has not been revoked, and that it names the host you actually asked for; only then does it trust the public key inside it.

CAs play a key role in keeping the internet secure. Before issuing a certificate, a CA verifies that the requester controls the domain in question, so a valid certificate vouches for the server's identity. That is what lets the key exchange above resist an attacker in the middle: a substituted public key would not come with a certificate that a trusted CA signed for that domain.

A certificate does not guarantee that a site is honest, well run, or free of malware. What it does guarantee is narrower and still essential: the public key you are encrypting to belongs to the named domain, so a fake server set up to steal your information cannot impersonate the real one without a certificate that a trusted CA would refuse to issue.

Thanks for reading! I hope this helps you understand how TLS works with confidence. Feel free to reach out if you have any questions!


Written by

mrutyunjaya padhy