##### Asymmetric encryption
Asymmetric encryption was created to resolve some of the issues that came with symmetric encryption.
With symmetric encryption, we encrypt things using a key, and that same key has to be sent from the sender to the receiver so that the receiver can decrypt the message.
Not ideal, right?
The idea of asymmetric encryption is to avoid sharing sensitive information through the network.
Below is a way to use asymmetric encryption:
1. Both the sender and the receiver create a pair of public and private keys (using, for instance, a cryptosystem like RSA).
```
| Sender        | Receiver      |
| ------------- | ------------- |
| Public key A  | Public key B  |
| Private key A | Private key B |
```
2. They then exchange their public keys.
It is important to note that public keys are meant to be shared with the world (there is no consequence if one is intercepted by bad actors),
and the private key should be shared with no one.
The two keys of a pair work together: a message encrypted with the public key can only be decrypted with the matching private key.
```
| Sender        | Receiver      |
| ------------- | ------------- |
| Public key A  | Public key B  |
| Private key A | Private key B |
| Public key B  | Public key A  |
```
3. The sender encrypts the message using the receiver's public key (Public key B).
4. Upon reception, the receiver is able to decrypt the message with its private key (Private key B), since the message was encrypted with its public key.
5. The receiver encrypts the response back to the sender using the sender's public key (Public key A).
That way, even if the message is intercepted, it is impossible to decrypt it since the private key was never shared.
##### SSH (Secure Shell)
Before SSH, we had RSH (remote shell) to be able to execute commands on a machine remotely.
SSH is the secure version of RSH.
If you want to make it simple: SSH = RSH + TLS (as a mental model only: SSH uses its own encrypted transport protocol rather than TLS itself).
In most cases, we use asymmetric encryption to establish an SSH connection between 2 computers.
The way we do it is the following:
Let's consider PC1 and PC2.
1. PC1 creates a Public/Private key pair locally.
2. The administrator of PC2 adds the public key of PC1 to ~/.ssh/authorized_keys.
3. PC1 and PC2 are now able to communicate via SSH.
##### SSL and TLS
SSL stands for Secure Socket Layer and TLS for Transport Layer Security.
SSL has actually been deprecated and we usually use TLS or other types of security protocols.
So how does SSL / TLS work?
When you visit a website, the browser and the website server engage in what we call a handshake to establish a secure connection between the two.
This is how it goes:
1. The browser sends a client hello message to the server: this message includes info about the browser, the operating system and the encryption algorithms the client can support. It also includes some random bytes whose use we will explain later on.
2. The server responds with a server hello message: this message includes info about the server and the algorithm that will be used for encryption.
The server also sends its SSL certificate and its public key.
3. The client then checks the SSL certificate. If the certificate is valid, the browser generates a pre-master secret, encrypts it with the server's public key and sends it to the server.
4. The server decrypts the pre-master secret using its private key.
5. At this stage, both the server and the browser have the pre-master secret. They generate a session key using the pre-master secret and the random bytes exchanged in the hello messages. From here on the encryption is symmetric, because the session key is what is used to encrypt the messages.
6. The server and the browser send a finish message.
7. The connection is now secure.
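Step 5 as an added example (not code from the original notes): both sides run the same derivation over the pre-master secret and the two hello randoms and arrive at identical session keys without sending them. It assumes the TLS 1.2 PRF from RFC 5246 and an AES-128-GCM key layout; the function names are hypothetical and the sample values are constructed.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion (RFC 5246, section 5): chained HMAC-SHA256 blocks."""
    out, a = b"", seed                                     # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: the label is prepended to the seed."""
    return p_sha256(secret, label + seed, length)


def derive_session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Run independently by browser and server once both hold the pre-master secret."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Key expansion uses the randoms in reverse order (RFC 5246, section 6.3).
    # Assumed layout: AES-128-GCM, so two 16-byte keys and two 4-byte IVs, no MAC keys.
    block = prf(master, b"key expansion", server_random + client_random, 40)
    return {
        "master_secret": master,
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }


if __name__ == "__main__":
    # Constructed sample values standing in for a real handshake.
    client_random, server_random = os.urandom(32), os.urandom(32)
    pre_master = b"\x03\x03" + os.urandom(46)   # 2 version bytes + 46 random bytes
    browser = derive_session_keys(pre_master, client_random, server_random)
    server = derive_session_keys(pre_master, client_random, server_random)
    print("same keys on both sides:", browser == server)
    # A new server random yields new keys even if the pre-master secret is reused.
    fresh = derive_session_keys(pre_master, client_random, os.urandom(32))
    print("new random, new keys:", fresh["master_secret"] != browser["master_secret"])
```

The random bytes from the hello messages are what make every session's keys unique: a recorded handshake replayed against a server that picks a new random produces different keys.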