Ye page har word, symbol, aur picture build karta hai jis par parent note depend karta hai, bilkul absolute zero se. Ise parent se pehle padho aur wahan kuch bhi magic nahi lagega.
Kisi bhi crypto se pehle, ye samjho ki ek message kin do states mein ho sakta hai.
Figure dekho: wahi envelope wire par do baar travel karta hai. Upar se readable hai — beech mein pickpocket bas padh leta hai. Neeche se shredded gibberish hai — pickpocket copy karta hai par kuch nahi seekhta. Topic ko ye kyun chahiye: TLS (Transport Layer Security) ka poora point yahi hai ki message ko upar wali wire se neeche wali wire par le jaao. Baaki har concept us switch ko possible aur safe banane ke liye exist karta hai.
Topic ko ye kyun chahiye: HTTPS bulk data ko ek shared key se scramble karta hai. "Handshake" ke baare mein sab kuch basically us struggle ke baare mein hai ki dono sides ke paas wahi key ho — bina us key ko open wire par mail kiye.
Ye single most important fork hai. Parent ise "hybrid crypto" kehta hai.
Figure mein, symmetric case (left) dono sides par ek jaisi key dikhata hai. Asymmetric case (right) ek lock dikhata hai jo sab snap shut kar sakte hain (public key) lekin sirf owner ki alag key (private key) hi khol sakti hai. Do directions kyun matter karti hain:
Koi bhi aapki public key se lock kare → sirf aap kholo → ye ek secret aap tak pahunchata hai.
Aap apni private key se lock karo → koi bhi aapki public key se khol le → ye prove karta hai ki box aap se aaya (ek signature — §5 dekho).
Poori detail Symmetric vs Asymmetric Encryption mein hai.
Parent ke Diffie–Hellman box mein gamodp likha hai. Do symbols samajhne hain: exponent aur mod.
Topic ko ye kyun chahiye: ye key exchange ka mathematical engine hai — Diffie–Hellman Key Exchange dekho. Ye do strangers ko public mein ek secret par agree karne deta hai kyunki gamodp reverse karna (discrete log problem) bahut slow maana jaata hai — provided upar ke parameters sahi choose kiye gaye hon.
Figure ko upar se neeche trace karo: document → hash (fingerprint) → sender ki private key se lock = signature. Right side par, receiver public key se unlock karta hai aur independently re-hash karta hai; equal fingerprints = authentic.
Topic ko ye kyun chahiye: certificates signed documents hain, aur handshake ka "Finished" message puri conversation ka ek signed/MAC'd fingerprint hai — isi tarah tampering pakda jaata hai. Detail Digital Signatures & Hashing mein hai.
Figure ek ladder hai: aapka browser root par stand karta hai jis par wo trust karta hai (bottom, pale yellow). Upar ka har rung neeche ke rung ne sign kiya hai. Agar har signature leaf tak check out ho, aap leaf ki public key trust karte ho.
Topic ko ye kyun chahiye: key exchange akela bekar hai agar ek attacker mid-wire apni public key deta hai (MITM). Certificate + chain prove karta hai ki public key actually us domain ki hai — aur expiry + revocation stale ya stolen certs ko reuse hone se rokta hai. Ye Public Key Infrastructure (PKI) ki duniya hai.
TLS vacuum mein nahi chalta; ye existing layers ke upar baithta hai.
Topic ko ye kyun chahiye: "HTTPS on port 443" ka matlab hai: DNS server dhundho, TCP connect karo, TLS tunnel negotiate karo, phir HTTP safely flow kare. Parent ka handshake us chain ka step 3 hai.
HTTP, TLS aur HTTPS mein se har ek ka kya matlab hai
HTTP = plain web request/response language; TLS = Transport Layer Security, ek tunnel jo encryption+authentication deta hai; HTTPS = HTTP jo TLS tunnel ke andar run kare.
Cleartext aur ciphertext mein difference
Cleartext human-readable hai; ciphertext scrambled noise hai jise eavesdropper key ke bina samajh nahi sakta.
"Key" kya hoti hai aur encrypt/decrypt kya karte hain
Key ek secret number hai; encrypt cleartext+key→ciphertext mix karta hai, decrypt ise reverse karta hai.
Symmetric vs asymmetric ek-ek line mein
Symmetric = ek shared key (fast); asymmetric = public/private pair jahan ek lock kare aur doosra khole.
Public key se lock karna kya achieve karta hai vs private key se lock karna
Public-key lock ek secret deliver karta hai jo sirf owner khol sake; private-key lock prove karta hai ki box owner se aaya (ek signature).
gamodp ka matlab
g ko a baar khud se multiply karo, phir prime p se divide karne ka remainder (arithmetic jo clock jaisi wrap karti hai).
p ka large prime hona aur g ka proper generator hona kyun zaroori hai
Chhota ya non-prime p attacker ko har exponent try karke secret crack karne deta hai; g=1 ya weak generator sirf kuch values produce karta hai jise koi bhi guess kar sake — isliye security good parameters par depend karti hai.
DH ke liye gab=gba kyun matter karta hai
Dono parties public mein opposite exponents se identical shared secret tak pahunchti hain, bina use bheje.
Ek cryptographic hash ki teen properties
One-way (reverse nahi ho sakta), avalanche (ek bit sab badal deta hai), aur collision resistance (same fingerprint wale do inputs nahi dhundh sakte).
Kya signing message hide karta hai?
Nahi — signing sirf fingerprint lock karta hai sender+integrity prove karne ke liye; message readable rehta hai. Encryption content hide karta hai; signing nahi.
Nonce (rc, rs) kis kaam aata hai
Ek fresh single-use random number jo har session ki keys unique banata hai, replay ko defeat karta hai.
Transcript kya hota hai aur ise MAC kyun karte hain
Saare handshake messages ka ordered record; end mein ise MAC karna koi bhi tampering detect karta hai jo encryption switch on hone se pehle hua ho.
Certificate kya bind karta hai aur use kaun sign karta hai
Ye ek domain name ko ek public key se bind karta hai; ek Certificate Authority use sign karta hai.
Certificate par signature ke alaawa do checks
Expiry (not-before/not-after dates) aur revocation (CRL ya OCSP) — ek stale ya cancelled cert reject hoti hai chahe correctly signed ho.
Chain of trust kya karta hai
Leaf→intermediate→root ko link karta hai taaki trust verified signatures ke zariye un root tak flow kare jo aapke browser mein already hain.
TLS kin lower layers par depend karta hai
DNS (name→IP), TCP (reliable pipe), aur HTTP (woh language jo tunnel ke andar ride kare).