A layman’s guide to understanding the RSA key and algorithm used in SSL/TLS certificates (sometimes referred to as an RSA certificate)
If you’re looking for an SSL/TLS certificate, you’re likely to come across a bunch of terms that you have no idea what they mean. ‘RSA certificate’ and ‘RSA algorithm’ are terms that you’ll find on all SSL certificates, but a proper explanation of what they mean is rare. Well, that’s what we’re here for, isn’t it? In this post, we’ll learn about SSL/TLS certificates equipped with the RSA algorithm, aka an RSA certificate.
So, What Exactly is an RSA Certificate?
When someone refers to an RSA certificate, what they’re talking about is an SSL certificate that uses the RSA algorithm for digital signatures and/or data encryption.
RSA (Rivest–Shamir–Adleman) is a cryptographic algorithm that encrypts and decrypts the data. Invented in the year 1978, RSA was named after Rivest, Shamir, and Adleman – the mathematicians who invented it.
The fundamental function of an RSA certificate is to use the RSA algorithm for data encryption. In simpler words, it turns the data into an undecipherable format so that no one can see what the original data was, let alone tamper with it. This way, it solves the significant problem of secure communication. Such secure communication, at the time RSA was invented, was needed primarily in the military. But today, it’s required everywhere because of the proliferation of the internet and ecommerce. RSA is the most widely used asymmetric encryption algorithm.
Now you’re probably confused about what “asymmetric algorithm” is. Don’t worry, we’ve got it covered for you.
RSA: The Most Widely Used Asymmetric Encryption Algorithm
As we saw, the RSA certificate uses an encryption algorithm that encrypts data so that unauthorized parties cannot see it or tamper with it. The encryption process relies on what are known as “encryption keys.” Depending on how the encryption keys are used, encryption can be classified into two types: symmetric encryption and asymmetric encryption.
Symmetric encryption involves one key that is used both to encrypt and to decrypt the data. It’s kind of like a password. Asymmetric encryption, on the other hand, works quite differently. It involves two cryptographic keys, known as the “public key” and the “private key.” The two keys are distinct but mathematically related to each other. The public key, as you can tell from its name, is publicly available. The private key is supposed to be kept secret. That’s why some even refer to it as the ‘secret key.’
In asymmetric encryption (also known as “public-key cryptography”), one key encrypts the data while the other key is used to decrypt it. For example, on SSL/TLS-enabled websites, the public key encrypts the data while the private key, which is stored securely on the web server, decrypts the data. This way, we can achieve three things:
- Authentication – Only the intended recipient will be able to see your data.
- Encryption – As the data is encrypted and cannot be decrypted without the private key, no one can come in between and steal or tamper with the data.
- Integrity – The recipient of the data/message can be sure that it has remained in the form the sender sent it.
How does the RSA Certificate and RSA Algorithm Work?
The RSA algorithm (which the RSA certificate uses) relies on prime factorization to facilitate encryption and decryption of the data. If you don’t understand this, then not to worry, as we have a simple example to help. Think of a prime number between 1 and 20 and name it “x.” Now, think of another one and name it “y.” Now let’s multiply them both and call the resulting number “z.” You know that z is the product of x and y. But what if someone was given just z and was told to find x and y? Easy? For small numbers, yes. But what if z is a large number, a really, really large one? Then going back to x and y becomes practically impossible. Splitting z back into x and y is what is called “prime factorization.”
Let’s see how this works out in practice.
First, two huge prime numbers, p and q, are generated; random candidates are checked with the Miller-Rabin (also written Rabin-Miller) primality test until two primes are found. Then these two primes are multiplied, and the product is the modulus named ‘n’; its length in bits is what is regarded as the “key length.” A public key exponent called ‘e’ is part of the public key, and its value is usually set to 65537. This number is public because it’s part of the public key. A private key exponent named “d” is part of the private key. The modulus “n” together with the private key exponent “d” forms the private key, just as “n” together with “e” forms the public key.
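As an added, runnable illustration of the key generation just described, and of the public-key-encrypts, private-key-decrypts flow from the earlier section, here is a small Python implementation that is not from the original article or from any vendor’s library. It uses the Miller-Rabin test to pick p and q, derives n, e = 65537 and d, encrypts with the public key and decrypts with the private key, and then shows why key length matters: a toy 32-bit modulus is split back into its primes by plain trial division in a fraction of a second, while the same search against a 2048-bit modulus gives up. It is textbook RSA without padding, so it demonstrates the arithmetic rather than the message format a TLS stack actually uses; the function names, the trial-division limits and the sample message are this example’s own.

```python
import random
from math import gcd


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test (the 'Rabin-Miller' test the article names).
    Returns True if n is prime or survives `rounds` random witness checks."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):  # cheap sieve first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0                      # write n - 1 = d * 2**r with d odd
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # a is a witness that n is composite
    return True


def random_prime(bits: int) -> int:
    """Draw random odd candidates with the top bit set until one passes the test."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(key_bits: int, e: int = 65537):
    """Textbook RSA key generation (example only, not a vendor library).
    Returns (public_key, private_key) as ((n, e), (n, d)); key_bits is the
    bit length of the modulus n, i.e. the 'key length' the article refers to."""
    while True:
        p = random_prime(key_bits // 2)
        q = random_prime(key_bits - key_bits // 2)
        n = p * q
        phi = (p - 1) * (q - 1)          # Euler's totient of n
        if p != q and n.bit_length() == key_bits and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)                  # d = e^-1 mod phi (Python 3.8+)
    return (n, e), (n, d)


def key_length_bits(key) -> int:
    """The key length is the bit length of the modulus n."""
    return key[0].bit_length()


def encrypt(public_key, message: bytes) -> int:
    """Raw RSA: c = m^e mod n. Real TLS stacks add padding (PKCS#1 / OAEP)."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Raw RSA: m = c^d mod n (leading zero bytes of the message are not preserved)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def find_factor_by_trial_division(n: int, max_trials: int):
    """Try to recover p or q from n alone by trial division. Returns a factor,
    or None if no factor is found within max_trials odd candidates."""
    if n % 2 == 0:
        return 2
    f = 3
    for _ in range(max_trials):
        if f * f > n:
            return None                  # search exhausted: n has no factor
        if n % f == 0:
            return f
        f += 2
    return None                          # gave up: search space too large


if __name__ == "__main__":
    pub, priv = generate_keypair(2048)
    c = encrypt(pub, b"hello, TLS")      # constructed sample message
    print("key length:", key_length_bits(pub), "bits")
    print("round trip:", decrypt(priv, c))
    toy_pub, _ = generate_keypair(32)
    print("toy 32-bit modulus factor:", find_factor_by_trial_division(toy_pub[0], 40_000))
    print("2048-bit modulus factor:", find_factor_by_trial_division(pub[0], 200_000))
```

The last two lines are the point of the article’s x, y, z story in code: the 32-bit modulus gives up one of its primes almost instantly, and with it the private exponent could be recomputed, whereas the 2048-bit modulus is untouched by the same search. Generating a 2048-bit key in pure Python takes about a second; real servers use a library such as OpenSSL, which also adds the padding omitted here.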
Is an RSA Certificate Safe? Has it been Cracked?
As far as the safety of an RSA certificate and the RSA algorithm is concerned, it’s still entirely safe, and that’s why it’s the most widely adopted asymmetric algorithm today. However, the strength of an RSA certificate depends upon its key length. The smaller the key, the easier it is to crack, and vice versa. A minimum RSA key length of 2048 bits is recommended by NIST (National Institute of Standards and Technology). All SSL/TLS certificates used today have a 2048-bit key size, making your website safe.
Although the RSA certificate is quite safe at present, companies have already started planning for life after RSA. Alternative asymmetric encryption algorithms such as ECC (Elliptic Curve Cryptography) have already entered mainstream use, and more are expected to do so in the near future.