Try   HackMD

Secure Website Demo

  • This demonstration takes you through the entire process of going to a secure website. This is accomplished through the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, and involving symmetric encryption, asymmetric encryption, hashing, keys and Certificate Authority (CA).

    • For instance, let us instruct our web browser to go to Citibank's website.

    • The browser transmits a list of algorithms it supports to the web server.

    • The server selects algorithms to use, and sends its digital certificate to the browser.

    • Click the link below to see the graphical representation of the above steps:
      https://youtu.be/1DPSXEb_bLA

    • The browser, then verifies the digital certificate isn't revoked or expired.

    • If the certificate is valid, the browser extracts the server's public key from the certificate.

    • The browser then generates a random value, known as the Premaster Secret and encrypts it with the server's public key, and transmits the Ciphertext to the server.
    • The server decrypts the ciphertext with its private key to produce the Premaster Secret.
    • The browser and server use the same premaster secret to create the same master secret.
    • The master secret is used by the browser and the server to create symmetric session keys for encrypting, decrypting and hashing.
    • Click the link below to see the graphical representation of the above steps:
      https://youtu.be/rOQ2KZrXmBk

How does the browser know that the key on the certificate is Citibank's actual public key?

  • The CA hashed the public key of Citibank and encrypted it with the CA's private key. That's the field on the digital certificate known as the digital signature.

  • The browser retrieves the CA's digital certificate from a trusted root certificate store stored locally on a machine, and decrypts the encrypted hash with the CA's public key, found on CA's digital certificate.
  • The browser also hashes the Citibank's public key itself.
  • If the two hashes match, the hash of Citibank's public key could only have been encrypted by the CA.
  • If the hash decrypts with the CA's public key, it could only have been encrypted with the CA's private key.

  • This proves that the CA is really the CA, Citibank's public key is really Citibank's public key. And the website is Legit and Secure.

Learn more

The above demonstration just illustrates what happens when one entity is known and has a public key and digital certificate.

How would this work for two parties without digital certificates that have never met or exchanged keys?
https://youtu.be/YEBfamv-_do

Additional Resourses on how CA works
https://opensrs.com/blog/2015/05/dv-ov-or-ev-how-to-offer-the-right-ssl-certificate/
https://www.troyhunt.com/extended-validation-certificates-are-dead/
https://www.troyhunt.com/extended-validation-certificates-are-really-really-dead/

Last changed by 
rakshith
0
183

Read more

Basic Steps and Tools in Catia V5 Sketcher Workbench

In this tutorial you will be gaining the basic knowledge on how to use the CATIA V5 sketcher workbench. This is the screen you see when you open the CATIA V5 Software. 1. Let us start by creating a new file. Start -> Mechanical Design -> Part Design 2. 'New Part' window pops up.

Sep 9, 2020
My Appeal

Hello friends, hope you all are holding up well in these extraordinary circumstances we are facing and will face for a foreseeable future. None saw the repercussions of such magnitude coming our way due to Covid-19 pandemic. One way or another, it took a toll on all our lives. Fortunate are those who have a roof over their heads and food on their plates. They might seem insignificant for most of us, as we often tend to blind eye to these blessings of life, due to various reasons. Sailing through troubled waters demands a certain level of mental fortitude and perseverance, sadly most of us don't realise are our innate qualities. However, as challenges for a human being are subjective in nature, we all have our own ways of facing them. My appeal to you all is, look at them as they are, not how you want them to be.

Sep 6, 2020
International Vulture Awareness Day

The first Saturday in September each year is International Vulture Awareness Day. Vultures play an important role in an ecosystem by scavenging on animal carcass before it decomposes - helping prevent the spread of harmful bacteria and other pathogens into the ground and water. Habitat Preferences Breeding and roosting - Forests with tall trees and mountains. Feeding - Areas with plenty of wildlife and proximity to carcass disposal areas. Once found across the Indian subcontinent, they are now found only in isolated pockets. Their populations faced a dramatic decline of almost 99% in certain species within a short span, primarily due to human-related activities.

Sep 5, 2020
Read more from rakshith
Published on HackMD