09.15.21

Encryption: Certificates - DataLocker Inc.

What is an Encryption Certificate?

The National Institute of Standards and Technology, or NIST, defines an encryption certificate as “a certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes. Key management sometimes refers to the process of storing, protecting, and escrowing the private component of the key pair associated with the encryption certificate.” 

An encryption certificate is essentially a digital certificate to prove ownership of an encryption key. 

To understand what this means in the area of network security, a few terms need to be explained first, such as HTTP, HTTPS, SSL, and TLS.

HTTP – HYPERTEXT TRANSFER PROTOCOL

HTTP is still one of the most widely used protocols for viewing web pages on the internet. A few years back, when you visited a website, you would often notice that the web address started with HTTP, meaning you were using HTTP to retrieve the webpage. However, if the letter S doesn’t follow, as in HTTPS, you’re sending plaintext information. This means that anything you’re sending from your computer to a web server is visible when using only HTTP because it’s transferred over a public system. If you’re viewing a website and not providing personal information, using HTTP isn’t a big deal. Still, anytime you enter sensitive information and send it through a public system, it’s vulnerable to cyberthieves.

HTTPS – SECURE HYPERTEXT TRANSFER PROTOCOL  

HTTPS is HTTP with a security feature. Websites use HTTPS to encrypt the data being retrieved by HTTP. This ensures that all the information being transmitted over the internet, such as passwords, names, addresses, or social security numbers, is secure by making the data impossible to read through the use of an encryption algorithm. The next time you’re shopping for a new product, pay attention to the address bar; you’ll notice an S is added to the HTTP, indicating you’re using a secure method to transfer data. Another feature you’ll also see is a padlock symbol at the beginning of the address. When websites transmit encrypted data, the information stays safe because even if a hacker accesses it, the information will be unreadable. It should be noted that SSL inspection exists: a node on the internet that your traffic passes through can terminate the SSL connection and inspect the data. This is often applied in corporate networks to protect against malware attacks.

SSL – SECURE SOCKETS LAYER

Secure HTTP uses one of two protocols; one of these two is SSL. This is a protocol that’s used to secure information on the internet through public-key encryption. When a computer connects to a website using SSL, the browser will ask the website to identify itself. The website will then send a copy of its SSL certificate. An SSL certificate is a small digital certificate used to prove the identity of a website to let your computer know that a website is trustworthy. If the browser identifies the website as trustworthy, it will send a message to the web server. After the web server receives the message, it will send an acknowledgment so an SSL session can proceed. After all these steps are complete, encrypted data can be exchanged between the computer and the web server.

TLS – TRANSPORT LAYER SECURITY 

The other protocol that secure HTTP uses is TLS, the latest industry-standard cryptographic protocol. As the successor to SSL, it’s based on the same specifications. It is designed to provide encryption, authentication, and data integrity more effectively than SSL. TLS is designed to prevent a third-party intervention when a website and client communicate. TLS is formed of two layers: record protocol and handshake protocol.

Record Protocol – The part of the communication that can be used with or without encryption, for instance, when you’re browsing websites for new products.

Handshake Protocol – Used to authenticate each party and enable the use of encryption algorithms. This happens when personal information is exchanged, such as when making a purchase on a website and entering a name, address, and credit card information. Only new web browsers support TLS, which is why SSL is still widely used.
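The certificate check and protocol choice described in the SSL and TLS sections above can be audited on the client side. The following is an added example, not DataLocker code: it uses Python's standard `ssl` module to flag client settings that skip the certificate check or allow legacy protocol versions, and the TLS 1.2 floor and finding strings are assumptions made for this example.

```python
import ssl

# Assumed policy floor for this example: nothing older than TLS 1.2.
FLOOR = ssl.TLSVersion.TLSv1_2


def audit_client_context(ctx):
    """Return findings for settings that weaken the handshake described above."""
    findings = []
    # Without CERT_REQUIRED the server's certificate is never validated,
    # so the "website identifies itself" step proves nothing.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    # Without the hostname check, a valid certificate issued for a
    # different site would be accepted for this one.
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    # A floor below TLS 1.2 lets the connection fall back to legacy versions.
    if ctx.minimum_version < FLOOR:
        findings.append("protocol versions older than TLS 1.2 allowed")
    return findings


def weak_context():
    """Constructed misconfiguration: encryption without identity checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context():
    """Library defaults (verify certificate and hostname) plus an explicit floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = FLOOR
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_client_context(ctx) or "no findings")
```

A connection made with the weak context is still encrypted, but the client has no assurance about who holds the other end of it.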

What Do You Need To Know About Certificates?

The good news is that most websites now use HTTPS, even if sensitive information isn’t transmitted. As a user, the two main things you want to look out for are the S behind the HTTP and a padlock at the beginning of the web address. Even when a website uses HTTPS, it needs to be correctly configured to offer true security. If you want to verify that your favorite service is up to standard, you can run a test with Qualys here.

Businesses will want to work with a professional to determine their security needs. DataLocker has a team of professionals that can assess your security needs. If you have questions about our products and services, visit www.datalocker.com, or contact a member of our sales team at [email protected].