Here’s a simple introduction on how browsers encrypt your data

Anton Spaans
Digital Products Tech Tales
7 min read · Jan 29, 2019

What is symmetrical and asymmetrical encryption and how do browsers use it to protect your data?

When you open your browser and you see the text in the address-bar that begins with https, where the s stands for secured, you are sending and receiving information in a secure way. It is encrypted and only you and the website that you visit know what is being said.

Ever wondered how this all works?

There are two main parts to securing and encrypting information going back and forth. The first is a so-called handshake, in which both parties agree on how to encrypt their data. Once this handshake results in an agreement, information is encrypted and decrypted based on this agreement. The second part is the actual encryption and decryption of messages going back and forth.

The agreement can be seen as a set of keys that can lock and unlock a box that contains the information being sent or received.

Let’s say there are two parties trying to communicate securely with each other. One is John and the other one is Webby. John wants to communicate with Webby and this is how it could be done.

Using Symmetric Encryption

John must lock his message in a box using a key so that the message can be sent securely. Webby then needs to have an exact copy of that key to unlock the box and read John’s message.

Only John and Webby should be able to read the contents of the box. No one else is allowed to eavesdrop. This means that the key must be secret.

The box that will hold the message securely has one keyhole. It must be locked and unlocked by the same key and this is why the key is considered symmetrical.

One key both locks and unlocks the box that contains the secret message

Before John and Webby can send any messages to each other, they must share this symmetrical secret key so that they both have a copy of it. Sharing this key needs to happen over another secure back channel.

And here lies the problem: where do you find a second secure back channel? How do you create one? Usually this happens by basically ‘leaving-the-key-under-a-very-hard-to-find-rock’ and having John and Webby agree where to put that rock. Once that rock is discovered by another party, their communication is no longer secure.

This weakness is the reason that symmetric-only encryption is hardly ever used. Let’s try another way.

Using Asymmetric Encryption

At the start of the handshake, Webby, the public recipient, creates two keys. Webby creates a public key that John can use to lock the box. Webby also creates a companion private key that only Webby can use to unlock the box. Because two different keys are used, the encryption is considered asymmetric.

The box that will lock the message has two keyholes. It can be locked by using the public key on the public keyhole. It can be unlocked only by using the private key on the private keyhole.

The public key can be shared with anyone. The private key is stored by Webby somewhere and no one but Webby knows where it is. The public key and the private key are a pair and are related to each other: A box locked by a public key can be unlocked only by its paired private key.

Only a public (green) key can lock the box, only a private (red) key can unlock the box

OK, let’s see how this handshake works:

  • John contacts Webby
  • Webby acknowledges John
  • Webby then generates her public and private key pair.
  • Webby replies by sending her public key to John.
    So far, nothing has been encrypted yet. The key is public. An eavesdropper could receive the public key as well.
  • John uses Webby’s public key to lock his message in the box. In other words, John encrypts his message.
  • John sends the locked box containing the message to Webby.
  • Webby unlocks the box by using her private key and she can read John’s message. In other words, Webby decrypts John’s message.
John exchanges a secret joke with Webby.

What about an eavesdropper? He may have Webby’s public key as well. That means he could look at the locked box sent by John. However, the eavesdropper cannot unlock and open the box, because the public key cannot be used for this. Only the paired private key can unlock the box. This is great! The message sent by John to Webby cannot be read by the eavesdropper.

Using a little bit of both

It turns out that asymmetric encryption is hard and time-consuming for large messages. If the messages are too large, it takes too much computing power to handle the encryption and decryption.

On the other hand, symmetric encryption can be done very fast even for very large messages.

That is why most encryption schemes use a combination of the two:

  • Asymmetric encryption is used just to encrypt and share a symmetrical secret key. This is now the so-called secure back channel for sharing a secret key. We no longer need a rock under which to hide it!
  • Symmetrical encryption is then used to encrypt actual messages going back and forth.

This is the modified handshake, using both asymmetric and symmetric encryption:

  • John contacts Webby
  • Webby acknowledges John
  • Webby then generates her public and private key pair.
  • Webby replies by sending her public key to John.
  • John generates a brand new symmetrical secret key and remembers it for a while.
  • John uses Webby’s public key to lock his secret key in the box. In other words, John encrypts the symmetrical secret key.
  • John sends the locked box containing the symmetrical secret key to Webby.
  • Webby unlocks the box by using her private key, retrieves John’s symmetrical secret key and remembers it for a while.
John exchanges a symmetrical secret key (black key) with Webby.

From here on, John and Webby can send messages back and forth using the symmetrical secret key. Because the secret key was sent by John using asymmetrical encryption, it could not have been intercepted by an eavesdropper.
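The modified handshake above, written out with Node.js's built-in `crypto` module. This is an added example, not code from the original article; the function names are illustrative, and RSA-OAEP and AES-256-GCM are assumed as the asymmetric and symmetric algorithms.

```javascript
const crypto = require('node:crypto');

// Padding settings for the asymmetric step (RSA-OAEP with SHA-256, an assumption).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Webby: generate a public/private key pair; only the public half is shared.
function webbyCreateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// John: create a brand new 256-bit symmetric key and lock it with Webby's public key.
function johnWrapSecretKey(webbyPublicKey) {
  const secretKey = crypto.randomBytes(32);
  const lockedBox = crypto.publicEncrypt({ key: webbyPublicKey, ...OAEP }, secretKey);
  return { secretKey, lockedBox };
}

// Webby: unlock the box with her private key to retrieve John's symmetric key.
function webbyUnwrapSecretKey(webbyPrivateKey, lockedBox) {
  return crypto.privateDecrypt({ key: webbyPrivateKey, ...OAEP }, lockedBox);
}

// Either side: fast symmetric encryption of the actual messages.
function encryptMessage(secretKey, plaintext) {
  const iv = crypto.randomBytes(12); // must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', secretKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

function decryptMessage(secretKey, { iv, body, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', secretKey, iv);
  decipher.setAuthTag(tag); // final() throws if the message was modified in transit
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Run every step of the handshake with a constructed sample message.
function demoHandshake() {
  const webby = webbyCreateKeyPair();
  const john = johnWrapSecretKey(webby.publicKey);
  const webbyKey = webbyUnwrapSecretKey(webby.privateKey, john.lockedBox);
  const sent = encryptMessage(john.secretKey, 'Knock knock');
  return { sameKey: webbyKey.equals(john.secretKey), received: decryptMessage(webbyKey, sent) };
}
```

Only `lockedBox` and the `{ iv, body, tag }` triples cross the network; the symmetric key itself never does. Like the handshake in the article, this sketch does not prove that the public key John received really belongs to Webby.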

As long as the symmetrical secret key is not terribly long, all encryption and decryption should be speedy for both John and Webby. Fortunately, a symmetrical key need not be very long: usually 128 or 256 bits is enough for very strong encryption [1].

So, asymmetrical encryption works great! It is based on the fact that one key can only lock the box (encrypt) and the other key can only unlock the box (decrypt). How does that work?

Encryption using a Public and Private Key Pair

This type of encryption relies on the magic of very large prime numbers: it is very easy to multiply two very large prime numbers, but extremely hard to figure out which two prime numbers were used for a particular multiplication.

The public key is a single value that is the result of the multiplication of two very large prime numbers:

public_key = prime1 * prime2

The paired private key is comprised of two values, those same two prime numbers next to each other:

private_key = (prime1, prime2)

In the 1970s, scientists in the UK and the US figured out, independently, that a message encrypted by an algorithm that uses the multiplication of two prime numbers can be decrypted by a corresponding algorithm that uses these two prime numbers individually, but not vice-versa [2]. How this exactly works is a whole different topic. That is hard math [3].

If you make these two prime-numbers large enough, you can safely broadcast the multiplication result (i.e. the public key) without worrying that a third party may figure out which two prime-numbers were used to create it (i.e. the private key).
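An added example, not from the original article: textbook RSA with tiny constructed primes. It goes one step beyond the simplified description above by including the public exponent `e` and private exponent `d` that real RSA uses; all names are illustrative, and the scheme is unpadded and far too small for real use.

```javascript
// Square-and-multiply modular exponentiation on BigInt values.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Modular inverse via the extended Euclidean algorithm.
function modInverse(a, m) {
  let [r0, r1, s0, s1] = [a, m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new Error('e has no inverse for these primes');
  return ((s0 % m) + m) % m;
}

// The public key carries only the product n; computing d needs both primes.
function makeKeyPair(prime1, prime2, e = 17n) {
  const n = prime1 * prime2;
  const d = modInverse(e, (prime1 - 1n) * (prime2 - 1n));
  return { publicKey: { n, e }, privateKey: { n, d } };
}

const encrypt = (message, { n, e }) => modPow(message, e, n);
const decrypt = (cipher, { n, d }) => modPow(cipher, d, n);

// Recovering the primes from n alone by trial division. The loop runs up to
// sqrt(n) times: instant for a toy n, out of reach for a 2048-bit n.
function factor(n) {
  for (let p = 3n; p * p <= n; p += 2n) {
    if (n % p === 0n) return [p, n / p];
  }
  return null;
}

// Constructed toy values: primes 61 and 53 give the public product n = 3233.
const toyKeys = makeKeyPair(61n, 53n);
```

With primes this small, `factor(toyKeys.publicKey.n)` returns both primes immediately, and anyone holding them can rebuild the private key with `makeKeyPair`. That is why the security of the scheme rests on the size of the primes.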

Large Prime Numbers

The math behind trying to factor a very large number (a public key) into its two very large prime components requires that the public key be at least 1024 bits long, preferably 2048 bits long or even more, to make any attempt at factorization prohibitively expensive and time-consuming [4].

But we can’t make the key lengths too long. The longer the key, the more time and processing power it takes to handle the encryption and decryption. Also, with the emerging field of IoT (Internet of Things), many connected devices that are low powered will have difficulty keeping up [5].

Future of Encryption

With the advent of increasingly cheaper and faster cloud computing that could be used to crack encryption schemes, the size of the public key must be large enough to last for a while, especially for messages that are securely written down on storage media.

Some scientists predict that with the emerging field of so-called quantum computing, there is a 50–50 chance that asymmetrical encryption using 2048-bit public keys could be cracked by the year 2030 or so [6]. If this becomes imminent, we may need to start using encryption schemes based on Quantum Cryptography. That is a discussion left for another blog post.

References

[1] Symmetric Key Lengths
[2] Public Key Cryptography
[3] Diffie-Hellman Key Exchange
[4] Asymmetric Key Lengths
[5] Two-way Authentication for IoT
[6] Report on Post-Quantum Cryptography

Anton Spaans
Digital Products Tech Tales

Associate Director of Product Engineering at @AccentureSong. You can find me online @streetsofboston or at https://www.linkedin.com/in/antonspaans/