TLS and Web Certificates
Hello!

And here we are, quietly launching one of our most unusual courses, “Digital signature in information security”. Despite everything, we more or less managed it and attracted people; let's see what happens. Today we will go over the remaining interesting material and look briefly at how TLS works, as well as the difference between untrusted and trusted web certificates.

TLS, short for Transport Layer Security, is based on SSL. As the name suggests, it is a protocol that works at the transport level.
As you know, communication security is a very common headache, but a correct TLS implementation can take web security to a new level. With TLS in place, an attacker can learn which host you are trying to connect to, find out what encryption is being used, and break the connection, but nothing beyond that will work.

Almost all communication protocols have three main parts: data encryption, authentication and data integrity.

In this protocol, data can be encrypted in two ways: using a public key cryptosystem or using symmetric cryptosystems. As an implementation, the public key cryptosystem is more advanced than symmetric cryptosystems.

Overview of Public Key and Symmetric Cryptosystems

A public key cryptosystem, which is a type of asymmetric encryption, uses a public-private key pair. B's public key is used to encrypt A's data (B shares its public key with A), and after receiving the encrypted data, B decrypts it using its own private key.

In symmetric cryptosystems, the same key is used for both encryption and decryption, so the secret key of A and B is the same. This is a big disadvantage.

Now let's see how authentication works in TLS. Authentication is achieved with digital certificates, which establish the authenticity of the message sender and give the recipient the means to encrypt the response. Operating systems and browsers store lists of trusted certificates that they can verify against.

Trusted vs. Untrusted Certificates

Digital certificates come in two categories. Trusted certificates are signed by a Certificate Authority, CA for short, while untrusted certificates are self-signed.

Trusted Certificates

Trusted certificates are recognized by the web browser and are signed by a CA. This is necessary to ensure the highest level of reliability. Suppose the site “xyz.com” wants to get a trusted digital certificate from the well-known CA “Comodo”.
The steps will be as follows:

1. Create a web server for the application: xyz.com;
2. Create a key pair (public and private key) using public key encryption (because of its reliability);
3. Generate a Certificate Signing Request (CSR for short) for the CA, in my case Comodo. On disk, the file may be called “certreq.txt”;
4. Submit an application to the CA and include the CSR;
5. The CA (Comodo in my case) will verify your request, including the public-private key;
6. If everything is in order, the CA will sign the request using its own private key;
7. The CA will send back the certificate to be installed on the web server;
8. All is ready!

Untrusted Certificates

An untrusted certificate is signed by the site owner. This approach is suitable when reliability is not a concern.
Note that using an untrusted certificate in a TLS deployment is not customary.

How does the TLS certificate exchange work?

1. Open the address “xyz.com” in the browser;
2. The web server receives the request;
3. The web server sends a certificate in response to the request;
4. The web browser evaluates the response and verifies the certificate;
5. During the validation process, the web browser learns that the certificate is signed by the Comodo CA;
6. The web browser checks the certificate database (for example, IE -> Internet Options -> Content -> Certificates) for a Comodo certificate;
7. Once it is located, the web browser uses the Comodo public key to verify the certificate sent by the web server;
8. If validation is successful, the browser considers this connection to be secure.

THE END

As usual, we are waiting for questions and comments.

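The issuance steps and the browser-side validation steps above, reproduced with the `openssl` command line as an added example (not code from the original article). It assumes `openssl` 1.1.1 or later with its default configuration file; the throwaway "Example Test CA" stands in for a real CA such as Comodo, and all file names other than `certreq.txt` are constructed. Note that the CSR carries only the public key and is signed with the private key, which itself never leaves the server.

```bash
#!/usr/bin/env bash
# Added example. The CA here is a throwaway test CA standing in for a real one;
# every name and file below is constructed for the demonstration.
WORK=$(mktemp -d)

make_test_ca() {        # the CA's own key pair and self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

make_csr() {            # site owner: key pair plus CSR (certreq.txt) for xyz.com
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=xyz.com" \
    -keyout "$WORK/server.key" -out "$WORK/certreq.txt" 2>/dev/null
}

csr_is_valid() {        # CA side: the CSR's signature proves possession of the private key
  openssl req -in "$WORK/certreq.txt" -noout -verify >/dev/null 2>&1
}

csr_has_private_key() { # must be false: only the public key goes into the request
  grep -q "PRIVATE KEY" "$WORK/certreq.txt"
}

sign_csr() {            # CA signs the request with its own private key
  openssl x509 -req -in "$WORK/certreq.txt" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/server.pem" 2>/dev/null
}

make_self_signed() {    # "untrusted" case: the site owner signs its own certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=xyz.com" \
    -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

is_trusted() {          # browser side: validate a certificate against the trusted CA
  openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

make_test_ca && make_csr && csr_is_valid && sign_csr && make_self_signed
openssl x509 -in "$WORK/server.pem" -noout -subject -issuer
for cert in server.pem self.pem; do
  if is_trusted "$WORK/$cert"; then echo "$cert: trusted"; else echo "$cert: NOT trusted"; fi
done
```

`openssl verify` checks the signature chain and validity dates; a browser also checks that the name in the certificate matches the host it connected to.
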
Author: weber
Publication date: 27-11-2018, 15:20
Category: Development / Information Security