How HTTPS works Part 1 — Building Blocks

https

Introduction

Have you ever wondered what happens when you type any URL in the browser? Why few websites are on HTTPS while others on HTTP? When you purchase anything online using your credit card, how does a website ensure that your sensitive information is not leaked? Same applies to the case when you enter login Id and password on any social media website.

Working of HTTP

When you type any URL in the browser, the browser acts like a client & the website behaves like a server. The client uses HTTP protocol and fetches information from the server. The server returns an HTML page which the browser then renders and displays it to the user. Following is an overview of the process:-

Client-Server Model
The output of curl -X GET ‘https://airindia.com' -v
> GET / HTTP/1.1> Host: airindia.com> User-Agent: curl/7.58.0> Accept: */*

Disadvantages of HTTP

  • Message Integrity: When you are sending a message over HTTP, anyone on the network can see what message is being sent. Further, anyone can intercept the message, modify it and send it to the server. For eg:- If you are chatting with your friend & sending a message “Hey, you are smart”, someone can modify the message and send “Hey, you are an idiot”.
Loss of Message Integrity
Sniffing sensitive information
Stealing information on the Internet
Connecting to an HTTP website

HTTPs & its building blocks

HTTPs is secure HTTP. HTTPs guarantees that communication that takes place over HTTP is encrypted. It overcomes the disadvantages of the HTTP mentioned above. To understand HTTPs, we will first need to understand how encryption works.

Symmetric key encryption
Asymmetric Key encryption
Message Authentication Code
Certificate Authority for medium.com

Conclusion

You have learnt about the working of HTTP, disadvantages of HTTP and basic building blocks of HTTPs.

Senior Software Engineer @Microsoft. Writes about Distributed Systems, Programming Languages & Tech Interviews