Jaspreet, ‘Billy The Bank’ and the Secrets of the Web
Once upon a time in the bustling digital town of InternetHills, lived a curious geek named Jaspreet. He had a happy digital family. When he was not working, he would be visiting websites, shopping online, and chatting with friends, and above all he had a zeal for learning new things.
But in this town, danger lurked in the shadows. Eavesdroppers, hackers, and social engineers were ready to steal messages. This scared Jaspreet and he stopped visiting random websites. These were dark times.
One dark stormy night, Jaspreet stumbled upon a mysterious and secure website called https://example_bank.com, run by a kind but cautious guardian named Billy The Bank. Jaspreet wanted to talk to this website, but he was now scared of the man-in-the-middle attack.
So, Jaspreet and ‘Billy The Bank’ had to use Hybrid Cryptography to talk safely. Let’s follow their enchanting journey of secrets, spells and cyber security.
‘Billy The Bank’ knew of two powerful types of encryption magic:
- Symmetric encryption: Fast and efficient, like a shared secret code between close friends. It used just one key to both encrypt and decrypt, so both people had to already know the same secret key. It was quick and good for large amounts of data. (Example: AES)
- Asymmetric encryption: Slower but secure. It used a public key to lock secrets and a private key to unlock them: one key to encrypt and another key to decrypt. The public key could be shared with anyone, but the private key always stayed private and could not be shared with anyone. That’s the rule. (Example: RSA)
To balance speed and safety, ‘Billy The Bank’ used Hybrid Cryptography: asymmetric encryption to safely exchange a secret key and symmetric encryption for the main conversation.
Cryptographers from the past had also invented ancient techniques:
- Substitution Spells turned letters into other letters (A into D, 1 into 9).
- Transposition Spells shuffled/rearranged the order of characters (HELLO became LEHOL).
Modern ciphers like AES combined both to keep even the cleverest intruders guessing. However, algorithms like RC4 used Substitution.
Depending on the mission, Jaspreet and ‘Billy The Bank’ planned to choose between:
- Stream Ciphers, which whispered secrets one bit at a time. Perfect for real-time chats. Stream Ciphers used Substitution Spells.
- Block Ciphers, which sealed chunks of text into encrypted blocks, ideal for storing data safely. Block Ciphers used a combination of Substitution and Transposition Spells.
But spells weren’t enough. They also had to protect four sacred pillars of digital trust:
- Confidentiality: Keeping secrets secret.
- Integrity: Ensuring nothing was altered.
- Authentication: Knowing who you’re talking to.
- Non-Repudiation: Preventing anyone from denying what they sent.
So, when Jaspreet typed https://example.com into his browser, their magical encounter began.
Step 1: ‘Billy The Bank’ Shared His Credentials
‘Billy The Bank’ sent Jaspreet his Digital Certificate, which contained his public key and was signed by a Certificate Authority (CA) that both of them trusted.
Step 2: Jaspreet Checked ‘Billy The Bank’’s ID
Jaspreet wanted to ensure that he was talking to the right person. Using the CA’s public key, he verified the digital signature on ‘Billy The Bank’’s certificate. It matched! It was confirmed that ‘Billy The Bank’ was who he said he was and not an imposter.
Step 3: Jaspreet Created the Magic Key
Jaspreet created a session key, a temporary secret used to encrypt the data for the chat. He locked it using ‘Billy The Bank’’s public key and sent it his way.
Step 4: ‘Billy The Bank’ Unlocked the Secret
‘Billy The Bank’ used his private key to unlock the session key. Now both of them shared the same secret!
Step 5: Enchanted Messages Began
From then on, Jaspreet used the session key to encrypt his messages. To protect integrity, he created a hash of each message and signed it using his private key, creating a digital signature.
Step 6: ‘Billy The Bank’ Verified the Magic
‘Billy The Bank’ used Jaspreet’s public key to verify the signature. If the hash matched, he knew the message came from Jaspreet and hadn’t been changed.
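
Steps 3 to 6 in Node.js, as an added example that is not part of the original story: RSA-OAEP locks an AES-256-GCM session key, and Jaspreet's RSA key signs the hash of each message. The function names, the message layout and both key pairs are assumptions made here; Billy is assumed to already hold Jaspreet's public key, and the certificate check of Steps 1 and 2 is assumed to have passed.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed 2048-bit RSA key pairs for the two parties.
const newKeys = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const billy = newKeys();
const jaspreet = newKeys();

// Steps 3 and 5 (Jaspreet): wrap a fresh session key, encrypt, sign the message hash.
function send(text, billyPublicKey, jaspreetPrivateKey) {
  const sessionKey = nodeCrypto.randomBytes(32); // AES-256 key for this chat only
  const nonce = nodeCrypto.randomBytes(12); // must never repeat under the same key
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: billyPublicKey, oaepHash: 'sha256' }, sessionKey); // RSA-OAEP
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  // sign() hashes the text with SHA-256 and signs the digest (RSA PKCS#1 v1.5).
  const signature = nodeCrypto.sign('sha256', Buffer.from(text, 'utf8'), jaspreetPrivateKey);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag(), signature };
}

// Steps 4 and 6 (Billy): unwrap the session key, decrypt, verify the signature.
function receive(msg, billyPrivateKey, jaspreetPublicKey) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: billyPrivateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, msg.nonce);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext, nonce or tag was altered in transit.
  const plain = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  if (!nodeCrypto.verify('sha256', plain, jaspreetPublicKey, msg.signature)) {
    throw new Error('signature check failed: not signed by Jaspreet');
  }
  return plain.toString('utf8');
}

// delivered reports whether Billy accepts a message (it decrypts and verifies).
function delivered(msg) {
  try {
    receive(msg, billy.privateKey, jaspreet.publicKey);
    return true;
  } catch {
    return false;
  }
}

// Constructed demo: an honest message, then a copy with one ciphertext bit flipped.
const honest = send('hello Billy', billy.publicKey, jaspreet.privateKey);
const tampered = { ...honest, ciphertext: Buffer.from(honest.ciphertext) };
tampered.ciphertext[0] ^= 1;
console.log(delivered(honest), delivered(tampered)); // true false
```

Only the 32-byte session key goes through the slow RSA operation; the message itself is encrypted with AES, which is the speed and safety balance the story describes.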
But how did ‘Billy The Bank’ get his magical certificate in the first place? Let’s solve this mystery.
‘Billy The Bank’ had created his own pair of keys: one public, one private. He wrote a Certificate Signing Request (CSR) and sent it to the trusted Certificate Authority. After verifying his identity, the CA signed his public key with their private key and issued him a Digital Certificate. That’s how ‘Billy The Bank’ earned his credentials in the kingdom of the web.
And so, with magic keys, trusted signatures, and encrypted scrolls, Jaspreet and ‘Billy The Bank’ safely communicated in the vast land of InternetHills.
Now, every time Jaspreet browses a website and sees a little padlock in his browser, he smiles because he knows that somewhere, spells of hybrid cryptography are keeping him safe.
So the next time you see the little padlock in your browser, smile, you’re part of the magic!