HTTPS
HTTPS
- What is this?
- Default port?
Public Key Infrastructure (PKI)
- two separate keys
- Ingredients to PKI
- Plaintext
- Encryption Algorithm
- Public and private key
- Each user generates a pair, public key is publicly available
- Certificate
- Certificate Authority
PKI More
- encrypt message using persons public key, only corresponding private key can decrypt
- private keys are never distributed
- can ensure a person is who they say they are
- when sending messages we can ensure confidentiality
- Video
Digital Certificates
- downside: some user could send their public key, purporting to be Bob.
- solution is public key certificate
- consists of public key, userid, plus signed by trusted 3rd party (CA)
- consists of public key, userid, plus signed by trusted 3rd party (CA)
- A CA:
- Issues, revokes, distributes digital certs (Digicert, Verisign)
- Should be trusted
More stuff that you didn’t want to know
- We have been talking a lot about keys, but the keys are just used for encryption/decryption as part of an algorithm to encrypt/decrypt data. Some of these algorithms are:
- RSA
- DSA
- ECC
- You can see what algorithm is used by looking at the cert.
Our methodology
Essentially we will use something like letsencrypt which will generate our public/private keys, send a csr to the CA, get the cert, and install it so that apache is aware of it.
One more note
Our browser likely won’t trust certificates signed by letsencrypt unless we specifically tell the browser that it should be trusted.
Last Updated 07/27/2023