Neil Rieck
Waterloo, Ontario, Canada.
https://neilrieck.net
Caveat: This demo occasionally breaks at this hobbyist site. If you notice any problems then please send me an email here: n.rieck@bell.net
Update: This demo broke after I migrated this site from CentOS7 to AlmaLinux8 (via ELevate) which introduced a new version of Apache. While cgi
scripting continued to work via http, it failed via https. That problem is now fixed (sorry for any inconvenience)
Additional information for inquiring minds
- Overview
- The Diffie-Hellman algorithm occurs as part of the symmetric key cryptography
handshake (the same key is used to encrypt and decrypt). Think about the jail cell-door lock seen in western movies where one key is used to both lock and unlock.
- Eve, the eavesdropper could see a few things (RED) which could be a worrisome for those people who think that Eve might have access to a
super computer to helper her decode what is happening.
- However, if this DH handshake is first concealed by asymmetric key cryptography
(also known as public key cryptography) where a pubic key (which is derived from the server's certificate) is used to encrypt, but a private key is
used by the server to decrypt, then Eve will see no part of the symmetric handshake.
- optional: during the ssl-handshake, the far end server will request an optional client-side certificate. This is normally not used where
online vendors really only care if you have provided a valid credit card number. But if you have created/configured a client side certificate, then this is the
time that you will transmit your client certificate (which contains the client public key) to the server. You will then use your client private key to encrypt
messages (also called signing) sent over the already encrypted connection. This means that everything will be doubly encrypted until the switch over to symmetric
key encryption.
- Why not use asymmetric keys all the time?
- first off, asymmetric key cryptography is CPU intensive while symmetric key cryptography is tiny by comparison.
- secondly, there is an added benefit to using two levels of obfuscation.
- Source Code: