Cryptography
TLS doesn't invent its own cryptography — it assembles a handful of well-studied primitives into a protocol. This chapter introduces those primitives in plain terms, mapping each to the guarantee it provides (Chapter 1). You don't need the maths; you need to know what each tool does, what key it uses, and what it can't do alone.
Symmetric Encryption — One Shared Key
Symmetric encryption uses a single secret key to both encrypt and decrypt. The same key locks and unlocks — like a physical door key that both parties hold a copy of. The dominant algorithm is AES (Advanced Encryption Standard).
Symmetric encryption is fast — easily fast enough to encrypt every byte of a web page or video stream — and it delivers confidentiality. Its one hard problem: both sides must already share the same secret key. How do two strangers on the internet agree on a shared secret without an eavesdropper learning it? They can't, with symmetric crypto alone. That gap is exactly what asymmetric crypto solves.
Asymmetric Encryption — A Key Pair
Asymmetric (or public-key) encryption uses a pair of mathematically linked keys: a public key that can be shared with anyone, and a private key kept secret by its owner. What one key locks, only the other can unlock. The common algorithms are RSA and the elliptic-curve family (ECDH/ECDSA).
| Use the… | To… | Giving you |
|---|---|---|
| recipient's PUBLIC key to encrypt | send a secret only the holder of the matching private key can read | Confidentiality (anyone can encrypt to you) |
| your own PRIVATE key to sign | prove a message came from you (only you have that key) | Authentication (a digital signature) |
This neatly solves the "strangers sharing a secret" problem: you can hand your public key to the whole world, and anyone can use it to send you something only your private key can open. The catch is that asymmetric operations are slow and computationally heavy — far too slow to encrypt an entire data stream.
Hashing — A One-Way Fingerprint
A cryptographic hash function (e.g. SHA-256) takes any input and produces a fixed-size "fingerprint" — the digest. It has three defining properties:
- Deterministic: the same input always yields the same digest.
- One-way: you cannot reverse a digest back into the original input.
- Collision-resistant & avalanche: two different inputs (practically) never share a digest, and changing a single bit of input scrambles the entire output.
Hashing on its own provides integrity checking: if you know the expected digest of some data, you can re-hash what you received and confirm it wasn't altered. But note what hashing alone does not give you — see the next section.
MACs — Integrity WITH a Key
A MAC (Message Authentication Code) is like a hash, but it also folds in a secret key. Only someone holding the key can produce a valid MAC for a message, and only someone with the key can verify it. The common construction is HMAC (e.g. HMAC-SHA256).
Because forging a valid tag requires the secret key, a MAC delivers integrity and a form of authentication at once: it proves the message wasn't altered and that it came from someone who shares the key. This is how TLS protects each record of application data after the handshake — using the symmetric key it just negotiated.
TLS_AES_256_GCM_SHA384 in Chapter 8 — the "GCM" part is the AEAD mode. Conceptually it's still "symmetric encryption + a MAC," just fused into one safer primitive.
Putting the Primitives Against the Guarantees
| Primitive | Key model | Speed | Provides |
|---|---|---|---|
| Symmetric (AES) | one shared secret key | fast | Confidentiality |
| Asymmetric (RSA, ECDH) | public + private key pair | slow | Key exchange & Authentication |
| Hash (SHA-256) | no key | fast | Integrity (keyless) |
| MAC / HMAC | one shared secret key | fast | Integrity + sender authenticity |
| AEAD (AES-GCM) | one shared secret key | fast | Confidentiality + Integrity together |
No single primitive provides all three guarantees — TLS is essentially the recipe for combining them: asymmetric crypto to establish a shared symmetric key and to authenticate the server (via certificates, Chapter 4), then AEAD symmetric crypto to protect every byte of data with confidentiality and integrity. The next chapter zooms in on the asymmetric half: how two parties actually agree on that shared key.
Hands-On Exercises
Use sha256sum (or openssl dgst -sha256) to hash a short string, then hash it again after changing a single character. Confirm the digest length is identical but the value is completely different (the avalanche effect), and explain why this property matters for integrity checking.
Using openssl, time a symmetric operation vs an asymmetric one to feel the speed gap: generate an RSA key and do a public-key operation, and separately encrypt a chunk of data with AES. Then explain in your own words why TLS uses the slow asymmetric step only to set up the fast symmetric one.
📄 View solutionFor each item, name the primitive that fits and the guarantee it provides: (a) encrypting a 4 GB video stream efficiently; (b) letting strangers send you a secret with nothing pre-shared; (c) proving a downloaded file wasn't corrupted, given a trusted digest; (d) proving a message both is intact and came from someone sharing your key.
📄 View solutionChapter 2 Quick Reference
- Symmetric (AES) — one shared key encrypts & decrypts; fast; gives confidentiality; problem = sharing the key
- Asymmetric (RSA, ECDH) — public + private key pair; slow; solves key sharing & enables signatures/authentication
- Hybrid model — asymmetric to agree a fresh symmetric key, then symmetric for the bulk data (the core TLS idea)
- Hash (SHA-256) — keyless one-way fingerprint; deterministic, irreversible, avalanche; gives keyless integrity
- A plain hash can't prove who sent data — an attacker recomputes it; you need a key
- MAC / HMAC — hash + secret key; integrity AND sender authenticity
- AEAD (AES-GCM, ChaCha20-Poly1305) — fuses encryption + integrity in one step; used by modern TLS
- Next chapter: public-key crypto & key exchange — RSA vs Diffie–Hellman, and forward secrecy