When learning about how to use OpenSSL to create self-signed certs, it became clear to me that most of the information available online assumes you know what certificates are, and how they fit in HTTPS.
I decided to have a go at explaining HTTPS by explaining how communications are made secure, namely how Diffie-Hellman key exchange and digital certificates work. Here’s my take on it.
HTTPS allows us to communicate securely over an insecure channel (for example over an open wifi network in an airport) where it is easy for someone to listen to all network traffic. The communications with HTTPS are secure because they are encrypted.
The communication is encrypted using symmetric key encryption. This particular type of encryption requires that both the sender and receiver have the same key (i.e. the same key is used to encrypt and decrypt the data).
But if the sender and the receiver need to send the key to each other through the insecure channel, doesn’t this make this whole exercise pointless?
This can only work if the sender and receiver have a way of sending a secret key to each other even with someone listening to the communication (and without that someone being able to figure out what the secret key is).
This is where the Diffie Hellman key exchange comes into play.
Diffie-Hellman allows two parties to create a shared secret key without revealing it, while doing it “in the open”, i.e. even if someone has access to all the information that the two parties exchange, they sill won’t be able to discover what the secret key is.
It sounds like magic, right? No, it’s just math.
Here’s a simple example of how it works. First two numbers are picked, they are usually called p and g. p is short for prime, g is short for generator.
A prime is a natural number greater than 1 that has no divisors other than 1 and itself.
A generator g for prime number p is a number such that gx mod p for x between 1 and p-1 will “generate” all the numbers from 1 to p-1.
mod (short for modulo) is a function that returns the remainder of an exact division, for example 5 mod 3 is 2, because the exact division of 5 by 3 is 1 and the remainder of that is 2 (3 * 1 + 2 = 5).
Now that we know what mod is, here’s an example of a generator for a prime. 3 is a generator for 7 because:
- 31 mod 7 = 3 - 32 mod 7 = 2 - 33 mod 7 = 6 - 34 mod 7 = 4 - 35 mod 7 = 5 - 36 mod 7 = 1
If we order the results we get: 1, 2, 3, 4, 5, 6, we can see that they are all the numbers from 1 to p-1, which makes g = 3 a generator for p = 7.
We know have all the pieces to perform Diffie-Hellman “by hand”.
As an example, imagine Alice and Bob want to write letters to each other. Unfortunately someone is reading their correspondence, so they decide to use Diffie-Hellman to be able to communicate secretly.
Alice picks g and p, for example g = 3, and p = 7 and sends a letter with them to Bob.
Alice also picks a secret number less than p, for example 2.
Once Bob receives p and g, he picks a secret number less than p, for example 5.
Bob then computes this: gsecretBob mod p, in this case 35 mod 7 = 5. Bob sends this number to Alice, let’s call this number numberBobSent.
At the same time Alice computes gsecretAlice mod p, in this case 32 mod 7 = 2 and sends it to Bob, let’s call this number numberAliceSent.
Alice receives Bob’s letter with number 5. She then computes numberBobSentsecretAlice mod p, in this case 52 mod 7 = 4.
Bob receives Alice’s letter and does the same: numberAliceSentsecretBob mod p, in this case 25 mod 7 = 4.
Their shared secret is 4. Whoever read the letters could read p, g, numberAliceSent and numberBobSent. However, they don’t know neither Alice nor Bob’s secret numbers nor their shared secret. Alice and Bob can now use their shared secret to encrypt and decrypt their correspondence.
This works because for large primes it is prohibitively costly to figure out the shared secret with the information that an eavesdropper has access to (p, g, and numberBobSent and numberAliceSent).
We now know that web servers and browser clients can make use of Diffie-Hellman to establish a secret key to encrypt communications even when someone has access to all information that is exchanged.
This solves the problem of secure communications over an insecure medium, right? Well, not really.
Going back to Alice and Bob’s example, imagine that whoever is reading their correspondence, let’s say Eve, takes a more proactive role. Eve will grab Alice’s letters and replace them with her own, and will do the same with Bob’s.
She will be able to establish a secret key with both Alice and Bob. Alice will think she’s corresponding with Bob, and Bob with Alice, while they are both corresponding with Eve.
She then just has to receive Alice’s letters, decrypt them with the key she established with Alice, read them, encrypt them with the key she established with Bob and send them to him.
There’s no way for Alice and Bob to know that their communication is not private.
This is what is called “A man in the middle attack”.
So how can we solve this problem?
That’s where digital certificates come into play, but before we need to talk about asymmetric key encryption.
Asymmetric Key Encryption
With asymmetric keys, there are two keys, a private and a public one. Both can encrypt and decrypt, but if you encrypt with one of them you can only decrypt with the other.
The private key is never supposed to be sent, while the public key can be freely sent to anyone. Because anything encrypted by the private key can only be decrypted with the public key, if someone sends you something encrypted and you can decrypt it with a public key, you know that only the holder of the private key could’ve encrypted what was sent.
A certificate is just a public key bundled together with information about the holder of the private key (e.g. the subject name which usually contains the website domain, e.g. blinkingcaret.com).
What makes a certificate trustworthy is that it is digitally signed by a certificate authority (an example would be Symantec or Letsencrypt). But first, what is a digital signature?
The goal of a digital signature is to prove the identity of the sender of the information and that the information was not changed along the way.
A digital signature is performed in two steps. First a hash of what is to be signed is created (a hash function transforms an arbitrary amount of data into a fixed amount). Then it is encrypted using a private key. The encrypted hash is bundled together with the information. The encrypted hash is the signature.
When someone receives a piece of information with the encrypted hash they can create a hash of the information themselves (using the same type of hashing function, e.g. md5), use the public key to decrypt the signature and compare the two hashes. If they match it means that the information not only was not changed, it was also created by whomever the private key belongs to.
In case you are wondering why we don’t just encrypt all the information instead of using a hash function, that’s because the hash is much smaller and still has all the properties we need to guarantee that the information was not tampered with.
A certificate authority is an entity that signs certificates. To sign a certificate, a certificate authority needs a private key, and with that a public key, which also comes in a certificate.
The certificate authorities’ certificates are special though. They are self-signed, which means they are signed with the private key that pairs with the public key in the certificate. Also, your computer’s operating system came installed with a several certificate authorities’ certificates.
When someone gives us a certificate, if that certificate was signed by a certificate authority we trust (any of the certificate authorities for which we have a certificate installed in our computer) we trust the certificate (that’s when you get the green address bar your browser).
So, coming back to Alice and Bob’s example, we should change the story here because the metaphor with the letters breaks a bit.
Imagine that Bob and Alice would deliver the letters to each other by hand.
Also, imagine that Alice and Bob had never met, they don’t know how the other one looks like.
Although more complicated, a man in the middle attack is still possible in this scenario. Imagine someone, let’s say Joe would make himself pass by Bob and meet Alice, and then someone else, for example Jane, would pass herself by Alice and meet Bob. John and Jane could coordinate between themselves so that even if Alice and Bob tried to use Diffie-Hellman they would end up talking to Jane and John without knowing it.
However, imagine now that Bob and Alice have id cards, issued by a government, and that are extremely difficult to forge.
Alice can ask Bob for his id card. The card has Bob’s name and his picture, and is issued by a government that Alice knows is trustworthy, Alice is satisfied that Bob is whom he says he is. Bob can do the same in regards to Alice.
In HTTPS the id card is the certificate and the issuer is the certificate authority. Also, in HTTPS normally only the web server provides the certificate. However, although uncommon authentication of users with certificates is also possible.
I hope this gives you a better idea of how all these pieces fit together to enable HTTPS. On my next post I’ll be describing how to create a certificate authority, install it, and create signed certificates using OpenSSL.
To be sure you won’t miss it, follow me on twitter @ruidfigueiredo or click subscribe and I’ll let you know when the new post is online.