
Cryptography is hard to understand. It is built on mathematical theorems and proofs, which raises the bar for entry. But if you only use it in your project, you do not need to dig into those algorithms; the main thing is to understand the principles by which they work.
This post is a translation of the article.
If you opened this article in order to build the next HTTPS, you have come to the wrong place; this article will not be enough. It explains the principles of HTTPS in the simplest terms, by analogy with carrier pigeons.
Alice, Bob and ... pigeons?
Any activity on the Internet (reading articles, shopping online or looking at cat pictures) consists of sending data to a server and receiving data back from it.
Now imagine that instead of electrical signals the data is carried by carrier pigeons, which know exactly where they need to fly. The only difference is the transmission speed.
Imagine Alice and Bob, who have decided to correspond.
The first message
If Alice wants to write to Bob, she ties the message to the leg of a carrier pigeon and sends it to Bob. Bob receives the message and reads it. Everything seems fine. This is how HTTP works: you write a message, you send it, the recipient receives it.
But imagine that Sveta intercepts Alice's pigeon, changes the message and sends it on to Bob. Bob has no way to find out whether the message was intercepted and changed.
This is the obvious weakness of HTTP: traffic can be intercepted and modified in transit.
Secret code
But what if Alice and Bob learn about the interceptions and decide to protect themselves with a secret code? They agree to shift each letter of the message by three positions: A → D, B → E, and so on. Then the message “I love you” turns into “L oryh brx”.
Now even if Sveta intercepts the message, she will not understand what is written in it, because she does not know the shift needed to decipher it. Bob, on the other hand, knows the shift and can decipher it.
Cool!
This kind of encryption is called symmetric, because the same key is used both to encrypt and to decrypt the message. A shift cipher like this one is also known as the Caesar cipher.
In real life the principle is the same; only the algorithms are more complex.
How to exchange the key?
Symmetric encryption is a neat and secure thing, provided the encryption key is known only to the sender and the recipient, in our case Alice and Bob.
In the cipher Alice and Bob chose, the key is the letter offset. The key could be three, or ten, or twenty.
The problem is that Alice and Bob must agree on the key in person. If that has not happened, it is not safe to send the key by pigeon: Sveta can catch that pigeon, learn the key, and in all later correspondence decrypt a message, change it, re-encrypt it and send it on to Bob.
This method of intercepting, decrypting, reading, modifying and re-encrypting a message before sending it on is called a Man-in-the-Middle attack.
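The shift cipher from the "Secret code" section and the man-in-the-middle attack just described, as an added example that is not part of the original article. The names `caesar`, `mitm`, `brute_force` and `scenario` are this example's own; the key value 3 and the message are taken from the text. It also shows a caveat the article does not mention: with only 25 possible shifts, Sveta does not even need to catch the pigeon carrying the key.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(text, shift):
    """Shift every letter by `shift` positions (mod 26), leaving other characters alone.
    A negative shift decrypts; the key is the offset, exactly as in the article."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ALPHABET if ch.islower() else ALPHABET.upper()
            out.append(base[(base.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def mitm(ciphertext, key, replacement):
    """Sveta, having learned the key from an intercepted pigeon:
    decrypt, read, substitute her own text, re-encrypt with the same key.
    Returns (what she read, what she forwards to Bob)."""
    seen = caesar(ciphertext, -key)
    forged = caesar(replacement, key)
    return seen, forged


def brute_force(ciphertext):
    """Caveat: the key space of a Caesar cipher is 25 shifts, so every candidate
    plaintext can simply be listed; one of them is obviously the real message."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


def scenario(key=3):
    """Alice sends, Sveta tampers, Bob decrypts and sees nothing suspicious."""
    sent = caesar("I love you", key)          # what leaves Alice
    seen, forged = mitm(sent, key, "I hate you")
    received = caesar(forged, -key)           # what Bob reads
    return sent, seen, received


if __name__ == "__main__":
    print(scenario())
    for k, guess in brute_force(caesar("I love you", 3)).items():
        print(k, guess)
```

Bob has no way to notice the substitution: the forged message decrypts cleanly with the shared key, which is why secrecy alone is not enough and the later sections add a way to verify who the message really came from.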
Pigeons and boxes
Bob and Alice came up with a new, better scheme.
- When Alice wants to send a message, she first sends a pigeon with nothing attached, so that Bob knows a correspondence is starting.
- Bob sends back a box together with a key that locks it, keeping a duplicate key for himself.
- Alice writes her message, puts it in the box, locks the box with the key and sends back only the box.
- Bob opens the box with his duplicate key.
Provided the key is hard to forge (it would take Sveta's locksmith a week to copy it), and the correspondence is frequent and uses a new key every time, intercepting the messages becomes pointless.
But one problem remains: Sveta can simply break the box open, read the message, and send Bob a new message in a new box.
How to protect the box?
To protect against forged boxes, Bob and Alice agreed to sign and seal them. The only problem is that Alice and Bob have never met and do not know each other's seals and signatures. So they turned to Ivan.
Ivan is a highly respected, authoritative and honest man. He is paid for putting his seal and signature on a box. He does this only in person, together with the box's owner, having personally verified that Bob is Bob and Alice is Alice. He guards his reputation, so when Sveta tries to persuade him to seal a box as if it were from Alice, he refuses. In real life Ivan is called a Certificate Authority.
Now Alice and Bob correspond as follows:
- Alice sends a pigeon with nothing attached.
- Bob responds by sending the key and the box, signed and sealed by Ivan.
- Alice checks Ivan's seal and signature on the box.
- Alice then writes a key for encrypting messages on a piece of paper, locks it in the box with the key and sends the box to Bob.
- From then on they send messages without boxes, simply encrypting them with that key.
- From time to time they change the key, again using the boxes.
Even if Sveta intercepts the first box, she cannot open it. If she breaks it open, she cannot re-seal it. And without the key she cannot decrypt the messages.
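The exchange described in the list above, carried out with real (if deliberately tiny) cryptographic building blocks, as an added example that is not part of the original article. Everything here is this example's own: Bob's box is a textbook RSA key pair, Ivan's seal is an RSA signature over a hash of that key, and the "secret code" used after the key exchange is a SHA-256 keystream XOR with an HMAC tag standing in for a real authenticated cipher. The fixed Mersenne primes, the absence of padding and the function names (`rsa_keygen`, `ivan_seal`, `alice_send`, `bob_receive`, and so on) are assumptions made to keep it self-contained and runnable offline; none of this is suitable for real use. The two `sveta_*` functions show the failure modes the text describes: a box that does not carry Ivan's genuine seal is rejected, and a message modified in transit is detected.

```python
import hashlib
import hmac
import secrets

# --- Ivan's seal and Bob's box: toy textbook RSA --------------------------------
# Assumption: fixed Mersenne primes and no padding, purely to keep the example
# self-contained; real certificates use properly generated keys and padding.
def rsa_keygen(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)                 # (public key, private key)

def rsa_apply(key, m):
    n, exp = key
    return pow(m, exp, n)

BOB_PUB, BOB_PRIV = rsa_keygen(2**127 - 1, 2**521 - 1)    # Bob's box and its key
IVAN_PUB, IVAN_PRIV = rsa_keygen(2**107 - 1, 2**607 - 1)  # Ivan's seal (the CA)

def fingerprint(box_pub):
    """What Ivan actually seals: a hash of the box, as an integer below his modulus."""
    n, e = box_pub
    return int.from_bytes(hashlib.sha256(f"{n}:{e}".encode()).digest(), "big")

def ivan_seal(box_pub):
    return rsa_apply(IVAN_PRIV, fingerprint(box_pub))

def seal_is_genuine(box_pub, seal):
    return rsa_apply(IVAN_PUB, seal) == fingerprint(box_pub)

# --- The secret code used once the key is agreed: toy symmetric layer -----------
# Assumption: a SHA-256 keystream XOR plus an HMAC tag stands in for a real
# authenticated cipher such as AES-GCM.
def keystream_xor(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, msg):
    ct = keystream_xor(key, msg)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()   # encrypt-then-MAC

def decrypt(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("message was modified in transit")
    return keystream_xor(key, ct)

# --- The exchange from the list above -------------------------------------------
def alice_send(cert, msg):
    """Alice checks Ivan's seal, then locks a fresh secret key in the box."""
    box_pub, seal = cert
    if not seal_is_genuine(box_pub, seal):
        raise ValueError("seal does not verify: this box is not Bob's")
    session_key = secrets.token_bytes(16)
    locked_key = rsa_apply(box_pub, int.from_bytes(session_key, "big"))
    return locked_key, encrypt(session_key, msg)

def bob_receive(locked_key, blob):
    session_key = rsa_apply(BOB_PRIV, locked_key).to_bytes(16, "big")
    return decrypt(session_key, blob)

def honest_run():
    cert = (BOB_PUB, ivan_seal(BOB_PUB))
    return bob_receive(*alice_send(cert, b"I love you"))

def sveta_swaps_box():
    """Sveta substitutes her own box but can only copy Bob's seal onto it."""
    sveta_pub, _ = rsa_keygen(2**61 - 1, 2**89 - 1)
    try:
        alice_send((sveta_pub, ivan_seal(BOB_PUB)), b"I love you")
    except ValueError as err:
        return str(err)
    return "accepted"

def sveta_tampers():
    """Sveta cannot open the box, so she flips a byte of the encrypted message."""
    cert = (BOB_PUB, ivan_seal(BOB_PUB))
    locked_key, blob = alice_send(cert, b"I love you")
    tampered = bytes([blob[0] ^ 0x01]) + blob[1:]
    try:
        bob_receive(locked_key, tampered)
    except ValueError as err:
        return str(err)
    return "accepted"

if __name__ == "__main__":
    print(honest_run(), "|", sveta_swaps_box(), "|", sveta_tampers())
```

The order of the checks matters: Alice verifies Ivan's seal before she puts anything in the box, so a swapped box never receives a key, and Bob verifies the tag before he trusts a decrypted message, which is what HTTP in the first section lacked. Note that the article's scheme, in which Alice locks the session key in Bob's box, corresponds to RSA key transport as used by older TLS versions; TLS 1.3 agrees the session key with ephemeral Diffie-Hellman instead, but the role of the certificate (Ivan's seal on Bob's box) is unchanged.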
This is how HTTPS works. The principle is the same; the encryption algorithms are more complicated and the data travels faster.