2-way SSL

Asymmetric cryptography

How does asymmetric cryptography work?

Coming back to 2 way SSL

SSL (Secure Sockets Layer) is a cryptographic protocol used to enable secure communication between a client and a server, ensuring the confidentiality and integrity of the data exchanged.

  • The client requests a protected resource over HTTPS and the SSL handshake begins. This message includes the client’s SSL version number, cipher settings, session-specific data and other information the server needs to communicate with the client using SSL.
  • The server sends a copy of its public certificate to the client. This message includes the server’s SSL version number, cipher settings, session-specific data, an SSL certificate with a public key and other information the client needs to communicate with the server over SSL.
  • The client checks the certificate’s root against its list of trusted CAs and checks that the certificate is valid. If this authentication fails, the client refuses the SSL connection and throws an exception. If the client trusts the certificate, it creates and encrypts its own public certificate, sends it back to the server and moves on to the next step.
  • The server validates/verifies the received certificate through the certification authority (CA) for CA-signed certificates.
  • After the handshake completes, client and server communicate and transfer data encrypted with the secret keys shared between the two during the handshake. Please see the pictorial representation of the whole process below:
2 way SSL
```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"flag"
	"io"
	"log"
	"net/http"
	"os"
)

var (
	caFile = flag.String("CA", "publicTest.pem", "A PEM encoded CA's certificate file.")
)

func main() {
	flag.Parse()

	// Load CA cert
	caCert, err := os.ReadFile(*caFile)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatalf("no certificates could be parsed from %s", *caFile)
	}
	// Setup HTTPS client: RootCAs decides which server certificates the client
	// trusts. Note that this config carries no Certificates, so as written the
	// client never presents its own certificate; for the client half of 2-way
	// SSL, load one with tls.LoadX509KeyPair and set tlsConfig.Certificates.
	tlsConfig := &tls.Config{
		RootCAs:    caCertPool,
		MinVersion: tls.VersionTLS12,
	}
	transport := &http.Transport{TLSClientConfig: tlsConfig}
	headers := http.Header{}
	// Placeholder credentials as they appear in the original post
	headers.Set("xyz-Client-Id", "abc-def-ghi-jkl")
	headers.Set("xyz-Client-Secret", "jasbdjkabckasnclasncdsv")
	var body = []byte(`{
	"order_id": 1223
	}`)
	// Placeholder host from the original post
	request, err := http.NewRequest("POST", "https://staging-abc/order/update", bytes.NewBuffer(body))
	if err != nil {
		log.Fatal(err)
	}
	request.Header = headers
	client := &http.Client{
		Transport: transport,
	}
	// Do POST something
	resp, err := client.Do(request)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	// Dump response
	data, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("data: ", string(data))
}
```
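The handshake steps listed above and the client snippet stop short of showing the server side and the client actually presenting a certificate. The program below is an added example, not code from the original post: it constructs a throwaway CA, a server leaf and a client leaf in memory, starts an in-process HTTPS server configured with tls.RequireAndVerifyClientCert (the setting that makes the SSL 2-way), and then makes one request with the client certificate and one without. The CA name, the client CN order-service-client and the /order/update path are constructed placeholders; the certificates live only for the duration of the run.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"log"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue generates a P-256 key and a certificate for tmpl signed by parent; a nil
// parent means self-signed (the CA). Setup failures panic: this is demo code.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	if parent == nil { parent, parentKey = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// newClient trusts pool for server verification (step 3) and, when clientCert is non-nil, presents it (step 4).
func newClient(pool *x509.CertPool, clientCert *tls.Certificate) *http.Client {
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	if clientCert != nil { cfg.Certificates = []tls.Certificate{*clientCert} }
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// MutualTLSDemo returns the body seen by the client that presented a certificate and
// the error seen by the client that did not (nil rejectErr would mean it was let in).
func MutualTLSDemo() (authenticatedBody string, rejectErr error) {
	caCert, caKey := issue(&x509.Certificate{
		Subject: pkix.Name{CommonName: "Constructed Test CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	// Server leaf: ServerAuth usage plus loopback IP SANs for the httptest listener.
	srvCert, srvKey := issue(&x509.Certificate{
		Subject: pkix.Name{CommonName: "localhost"}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
	}, caCert, caKey)
	// Client leaf: ClientAuth usage; its CN is the identity the server will see.
	cliCert, cliKey := issue(&x509.Certificate{
		Subject: pkix.Name{CommonName: "order-service-client"}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, caCert, caKey)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Reached only by peers whose certificate chained to ClientCAs: the CN is an authenticated identity.
		io.WriteString(w, "hello "+r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // this setting is what makes the SSL 2-way
		ClientCAs:    pool,
	}
	srv.StartTLS()
	defer srv.Close()
	cli := &tls.Certificate{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}
	resp, err := newClient(pool, cli).Get(srv.URL + "/order/update") // path is a constructed placeholder
	if err != nil {
		panic(err)
	}
	body, _ := io.ReadAll(resp.Body)
	resp.Body.Close()
	// Same CA trust but no client certificate: the server aborts the handshake.
	if resp2, err := newClient(pool, nil).Get(srv.URL + "/order/update"); err == nil {
		resp2.Body.Close()
	} else {
		rejectErr = err
	}
	return string(body), rejectErr
}

func main() {
	body, rejected := MutualTLSDemo()
	log.Printf("with client certificate: %q", body)
	log.Printf("without client certificate: %v", rejected)
}
```

The point to take from the second request is that with RequireAndVerifyClientCert the anonymous client is refused at the TLS layer, before any handler or header-based check runs; compare this with the client id and secret sent as plain headers in the snippet above, which the server has to validate itself and which travel inside the tunnel rather than proving who built it.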

Aman Jain
Software Engineer