You may have noticed that many websites have an https:// before the web address while previously it was simply http://. So why the change? That ‘s’ is connected with the website’s digital certificate that essentially tells users like you that this website is ‘secure’. But you may be wondering: how do I know it’s secure? How does it get secured? Those are excellent questions!

To start, let’s go over a bit of history. In the past, if you wanted to share information with your friend without anyone else understanding what you were saying, you would scramble, or encrypt, the message. This works, but it has some downsides: you need to know the person you are trying to communicate with, and you both need to keep the secret. It’s easy to see that this method does not scale well. After all, Benjamin Franklin said: "Three people can keep a secret, if two of them are dead."

So what method do you use for large-scale confidential communication with people you’ve never met before? This was a question that many very smart people toiled over for a long time until, in 1976, two men found a solution.

Their names were Diffie and Hellman, and they suggested using one method to encrypt the message and a different method to decrypt it. The only problem was that they couldn’t figure out a practical way to do it.

Thankfully in 1978 Rivest, Shamir, and Adleman found a way to do it and as a result the RSA method was created.

This method was based on a trap-door function in math, where it’s really easy to do the operation in one direction but almost impossible to do it in the opposite direction.

In this case you multiply two large prime numbers together. That’s easy, but even with the fastest computers it would take millions of years to reverse it and figure out what the original numbers were.

Next a Public Key is selected - this number is not a secret; anyone can know it. Then, based on this Public Key, the computer uses a formula (1/e mod ϕ(n), where e is the Public Key number and n is the product of the two primes) to calculate the Private Key, which is super secret. In most cases only one computer in the world knows what this Private Key is, and that’s where the security comes in. Messages encrypted using one key can only be decrypted using the other key.
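The key derivation described above, carried through with toy numbers in Python. This is an added example, not code from the original post; the primes 61 and 53, the Public Key number 17 and the function names are assumptions chosen for illustration, and real keys use primes hundreds of digits long together with message padding.

```python
# Textbook RSA with toy primes (constructed values; no padding, not for real use).
from math import gcd

def make_keys(p, q, e):
    """Derive the public and private key from two primes and a chosen e."""
    n = p * q                    # the easy direction of the trap door
    phi = (p - 1) * (q - 1)      # phi(n) when n is a product of two primes
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with phi(n)")
    d = pow(e, -1, phi)          # 1/e mod phi(n): d * e leaves remainder 1
    return (n, e), (n, d)

def apply_key(number, key):
    """Encrypting and decrypting are the same operation with different keys."""
    n, exponent = key
    if not 0 <= number < n:
        raise ValueError("value must be smaller than n")
    return pow(number, exponent, n)

def factor(n):
    """The hard direction: trial division, feasible only because n is tiny."""
    f = 2
    while n % f:
        f += 1
    return f, n // f

def recover_private_key(public):
    """Why the primes must be large: whoever factors n can recompute d."""
    n, e = public
    p, q = factor(n)
    return make_keys(p, q, e)[1]

if __name__ == "__main__":
    public, private = make_keys(61, 53, 17)
    message = 65
    ciphertext = apply_key(message, public)
    print("public key :", public)
    print("private key:", private)
    print("ciphertext :", ciphertext)
    print("decrypted  :", apply_key(ciphertext, private))
    # The keys also work in the other order (the basis of digital signatures).
    signed = apply_key(message, private)
    print("verified   :", apply_key(signed, public) == message)
    # With a small n the private key falls out in a few steps of division.
    print("recovered  :", recover_private_key(public))
```

With a four-digit n the private key is recovered almost instantly, which is why the security rests entirely on the size of the two primes.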

 

So to summarize: when you go to a website that has https://, it means it has a digital certificate stating that it uses this RSA method of asymmetric encryption. This means one person encrypts the message using the Public Key and the other person uses a combination of the Public Key and a Private Key to decrypt it. As a result, anyone who does not have the Private Key is unable to read the message.

Watch one of our technicians explain the math behind the RSA method here: