1

I have searched all this morning but I've found websites where it is said that data is sent through an asymmetric encryption using the TLS protocol. Then I found the contrary. Please can you tell me which is true? Thanks. And does anyone know a guide where it is explained step by step the handshake of TLS protocol over http?

Stanislav Bashkyrtsev
  • 14,470
  • 7
  • 42
  • 45
CrazyGamerYT55
  • 21
  • 3
  • 1
    Same question: https://stackoverflow.com/questions/37791013/https-uses-asymmetric-or-symmetric-encryption – Stanislav Bashkyrtsev Jul 06 '20 at 11:46
  • Does this answer your question? [HTTPS uses Asymmetric or Symmetric encryption?](https://stackoverflow.com/questions/37791013/https-uses-asymmetric-or-symmetric-encryption) – Ludovit Mydla Jul 06 '20 at 13:04

2 Answers2

3

Both symmetric and asymmetric keys are used in HTTPS (not HTTP). But only symmetric key is used for encryption. They are much faster than asymmetric algorithms and thus serve better for working with large messages (which web traffic is).

But symmetric key needs to be shared somehow, you can't just send it as is. Otherwise the man-in-the-middle will know it and thus will be able to decrypt the messages. Hence additional algorithm (Diffie-Hellman) is used - it's a nice trick to exchange private data on the open channel. This algorithm uses asymmetric keys for data signing (not encryption).

PS: similar mechanism is used in SSH.

Bruno Rohée
  • 3,436
  • 27
  • 32
Stanislav Bashkyrtsev
  • 14,470
  • 7
  • 42
  • 45
  • Thanks for answering. I am just wondering does pigpen cipher use asymmetric or symmetric key? It has been on my mind for ages and I have an exam which asks that following question – CrazyGamerYT55 Jul 08 '20 at 10:18
  • 1
    It doesn't seem related to HTTPS. You need to create a new question for that, but most likely wikipedia article can answer that. If your original question was answered - please accept the answer. If not - leave comments. – Stanislav Bashkyrtsev Jul 08 '20 at 10:36
0

HTTP uses no encryption at all, as defined in https://www.rfc-editor.org/rfc/rfc2616

HTTPS on other hand, uses TLS which may choose from bunch of algorithms to achieve encrypted transfer, and is defined here: https://www.rfc-editor.org/rfc/rfc2818 You could read more on TLS: https://www.acunetix.com/blog/articles/establishing-tls-ssl-connection-part-5/

Community
  • 1
  • 1
Nikolai Alexandrov Georgiev
  • 46
  • 2