Everything You desire to Know about the Cryptography behind SSL Encryption


SSL (Secure Sockets Layer) is a typical security technology for establishing an encrypted link in between a server and a client—typically a net server (website) and also a browser; or a letter server and also a mail client (e.g., Outlook). It enables sensitive info such as credit transaction card numbers, social defense numbers, and also login credentials to it is in transmitted securely. To establish this secure connection, the browser and the server require an SSL Certificate.

You are watching: ____ uses a single secret key to both encrypt and decrypt the file or message.

But just how is this accomplished? just how is data encrypted so that no one—including the world’s biggest super computers—can cracked it?

This short article explains the technology at job-related behind the scenes of SSL encryption. The covers asymmetric and symmetric keys and how they work-related together to produce an SSL-encrypted connection. It also covers different types of algorithms the are offered to create these keys—including the mathematics equations the make castle virtually impossible to crack.

Not sure you know the basics of SSL Certificates and also technology? Learn around SSL certificates >>

Asymmetric Encryption

Asymmetric encryption (or public-key cryptography) uses a separate an essential for encryption and decryption. Anyone have the right to use the encryption key (public key) come encrypt a message. However, decryption keys (private keys) space secret. This means only the intended receiver can decrypt the message. The most common asymmetric encryption algorithm is RSA; however, us will comment on algorithms later on in this article.


Asymmetric tricks are frequently 1024 or 2048 bits. However, keys smaller than 2048 bits room no longer considered safe come use. 2048-bit keys have actually enough distinct encryption codes that us won’t write out the number here (it’s 617 digits). Though larger keys can be created, the enhanced computational burden is so significant that tricks larger than 2048 bits are hardly ever used. To put it into perspective, it would certainly take an mean computer much more than 14 billion year to crack a 2048-bit certificate. Learn much more >>

Symmetric Encryption

Symmetric encryption (or pre-shared vital encryption) uses a single vital to both encrypt and decrypt data. Both the sender and also the receiver require the same an essential to communicate.


Symmetric crucial sizes are generally 128 or 256 bits—the larger the an essential size, the more difficult the key is to crack. For example, a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 encryption code possibilities. Together you deserve to imagine, a ‘brute force’ assault (in i m sorry an attacker make the efforts every possible an essential until they find the appropriate one) would take rather a bit of time to rest a 128-bit key.

Whether a 128-bit or 256-bit vital is used depends on the encryption capability of both the server and also the customer software. SSL Certificates perform not dictate what an essential size is used.

Which Is Stronger?

Since asymmetric tricks are bigger than symmetric keys, data the is encrypted asymmetrically is tougher come crack than data the is symmetrically encrypted. However, this go not typical that asymmetric tricks are better. Fairly than being contrasted by your size, these tricks should contrasted by the complying with properties: computational burden and ease the distribution.

Symmetric tricks are smaller than asymmetric, therefore they require less computational burden. However, symmetric keys likewise have a significant disadvantage—especially if you use them because that securing data transfers. Since the same vital is supplied for symmetric encryption and decryption, both you and also the recipient require the key. If you have the right to walk over and also tell her recipient the key, this isn’t a substantial deal. However, if you need to send the key to a user halfway approximately the world (a an ext likely scenario) you need to worry about data security.

Asymmetric encryption doesn’t have actually this problem. As long as you store your private crucial secret, no one deserve to decrypt your messages. You deserve to distribute the matching public an essential without worrying who gets it. Everyone who has the public an essential can encrypt data, yet only the human with the private an essential can decrypt it.

How SSL offers both Asymmetric and also Symmetric Encryption

Public key Infrastructure (PKI) is the collection of hardware, software, people, policies, and also procedures the are necessary to create, manage, distribute, use, store, and revoke digital certificates. PKI is additionally what binds keys with user identities by means of a Certificate authority (CA). PKI uses a hybrid cryptosystem and also benefits from using both species of encryption. For example, in SSL communications, the server’s SSL Certificate has an asymmetric public and also private crucial pair. The session crucial that the server and also the browser create during the SSL Handshake is symmetric. This is described further in the diagram below.

Server sends out a copy of its asymmetric publicly key.Browser creates a symmetric session key and encrypts it v the server"s asymmetric publicly key. Then sends it to the server.Server decrypts the encrypted session crucial using that asymmetric private vital to gain the symmetric conference key.Server and also Browser now encrypt and decrypt all transmitted data v the symmetric conference key. This allows for a secure channel because only the browser and also the server understand the symmetric session key, and also the session key is only used for that session. If the internet browser was to affix to the exact same server the following day, a brand-new session crucial would be created.

Public-Key Encryption Algorithms

Public-key cryptography (asymmetric) provides encryption algorithms favor RSA and also Elliptic Curve Cryptography (ECC) to create the public and also private keys. This algorithms are based upon the intractability* of details mathematical problems.

With asymmetric encryption it is computationally straightforward to generate public and also private keys, encrypt message with the public key, and decrypt messages through the personal key. However, the is extremely challenging (or impossible) for anyone to have the private key based just on the general public key.


RSA is based on the presumed difficulty of factoring large integers (integer factorization). Complete decryption of one RSA ciphertext is thought to it is in infeasible ~ above the presumption that no effective algorithm exists for integer factorization.

A user that RSA creates and then publishes the product that two huge prime numbers, in addition to an auxiliary value, as their public key. The prime factors must be retained secret. Anyone deserve to use the public an essential to encrypt a message, yet only someone with understanding of the prime determinants can feasibly decode the message.

RSA means Ron Rivest, Adi Shamir, and also Leonard Adleman— the men who first publicly described the algorithm in 1977.



Elliptic curve cryptography (ECC) counts on the algebraic framework of elliptic curves end finite fields. It is suspect that discovering the discrete logarithm of a random elliptic curve facet in link to a publicly recognized base allude is impractical.

The use of elliptic curves in cryptography was suggested by both Neal Koblitz and Victor S. Miller individually in 1985; ECC algorithms entered usual use in 2004.

The benefit of the ECC algorithm over RSA is that the an essential can be smaller, resulting in improved speed and also security. The disadvantage lies in the fact that no all services and applications are interoperable with ECC-based SSL Certificates.

See more: Which Of The Following Is True Of Virtual Organizations? Virtual Organization

Pre-Shared vital Encryption Algorithms

Pre-shared vital encryption (symmetric) offers algorithms choose Twofish, AES, or Blowfish, to produce keys—AES right now being the many popular. Every one of these encryption algorithms loss into two types: stream ciphers and block ciphers. Stream ciphers apply a cryptographic crucial and algorithm to every binary digit in a data stream, one bit at a time. Block ciphers apply a cryptographic an essential and algorithm come a block of data (for example, 64 sequential bits) as a group. Block ciphers are currently the most common symmetric encryption algorithm.