Android Apps Security by Sheran Gunasekera

Author: Sheran Gunasekera
Language: eng
Format: epub, pdf
ISBN: 9781430240624
Publisher: Apress


Figure 6-13. Setting up an SSL/TLS Session

TLS and SSL use a combination of cryptographic techniques to ensure data transmission is secure. Let’s look at this session setup now. I’m not giving you surgical detail because you will almost never need to write your own TLS negotiation algorithm. Instead, this section will give you an idea of how encryption is set up and what takes place during a TLS session.

First, the client or browser will contact a web server and send it some information. The information contains details of the version of TLS it can support and a list of encryption algorithms. These are called CipherSuites, and they contain supported algorithms for various tasks like key exchange, authentication, and bulk ciphers.

Next, the server responds after selecting a specific CipherSuite that it supports and the highest common TLS version that both the client and server support. The server will then also send the client its SSL Certificate.

The client then uses the public key from the server's certificate to encrypt a PreMaster key and sends it to the server; this PreMaster key is the value from which the Master key is generated.

Once the PreMaster key has been exchanged, the client and server each combine it with the random values they exchanged to generate the same final Master key. Each side stores this Master key.

The server and client then switch to encrypting all data sent back and forth. The selected CipherSuite is used, and the symmetric Master key is used at both ends to encrypt and decrypt data. Figure 6-14 shows what you would see if you were able to capture an encrypted data session between the client and server. Figure 6-15 shows the handshake and other relevant details when viewed using OpenSSL. One look at it will immediately tell you that there is absolutely no usable data for an attacker. What does this mean to you as a developer, then? That you should use SSL and never worry about prying eyes when you exchange sensitive data between the client and server? I won’t accept your answer just yet. Let’s first look at a few details, and we will come back to your answer later.
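The steps above, walked through in code: this is an added example and not code from the book. The version and CipherSuite preference lists are constructed for the illustration, the server's selection rule (highest common version, first client-preferred suite it supports) is one common policy, and the Master key derivation follows the TLS 1.2 PRF from RFC 5246; the RSA encryption of the PreMaster key is not modelled because the standard library has no RSA.

```python
import hmac
import hashlib
import os

# Constructed preference lists for the illustration (not from the book).
CLIENT_VERSIONS = [(3, 1), (3, 2), (3, 3)]   # TLS 1.0, 1.1, 1.2 as (major, minor)
SERVER_VERSIONS = [(3, 1), (3, 3)]
CLIENT_SUITES = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_RSA_WITH_RC4_128_SHA"]
SERVER_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]

def server_hello(client_versions, client_suites, server_versions, server_suites):
    """Server's choice: highest version both sides support and the first suite in
    the client's list that the server also supports. None means the server would
    abort with a handshake_failure alert instead of continuing."""
    common = set(client_versions) & set(server_versions)
    if not common:
        return None
    for suite in client_suites:
        if suite in server_suites:
            return max(common), suite
    return None

def p_sha256(secret, seed, length):
    """P_hash expansion from RFC 5246 section 5 (TLS 1.2 PRF, HMAC-SHA256)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def master_secret(premaster, client_random, server_random):
    """master_secret = PRF(pre_master, "master secret", client_random + server_random)[0:48]"""
    return p_sha256(premaster, b"master secret" + client_random + server_random, 48)

def handshake(client_versions=CLIENT_VERSIONS, client_suites=CLIENT_SUITES,
              server_versions=SERVER_VERSIONS, server_suites=SERVER_SUITES):
    """Run the negotiation and key derivation; return what each side ends up with."""
    client_random = os.urandom(32)                     # carried in ClientHello
    chosen = server_hello(client_versions, client_suites, server_versions, server_suites)
    if chosen is None:
        return None                                    # no common version or suite
    version, suite = chosen
    server_random = os.urandom(32)                     # carried in ServerHello
    # RSA key exchange PreMaster: 2 version bytes + 46 random bytes. In real TLS the
    # client encrypts this under the server certificate's public key (not modelled).
    premaster = bytes(version) + os.urandom(46)
    client_master = master_secret(premaster, client_random, server_random)
    server_master = master_secret(premaster, client_random, server_random)
    return {"version": version, "suite": suite,
            "client_master": client_master, "server_master": server_master}
```

The two derived Master keys are identical, which is what lets both ends switch to the symmetric cipher of the chosen suite; a client that only offers suites the server rejects gets no key at all.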
