Edit

517.1 Encryption and certificates

Learn how encryption protects web data in transit and how certificates establish trust between users and web servers.

Overview

In this topic, we explore how encryption is used to protect data sent over the internet. Students learn the difference between plain text and ciphertext, how encryption algorithms and keys work, and why websites use digital certificates to enable secure communication using HTTPS. These ideas form the foundation of web security and will be reinforced in later topics.

Targets

In this topic, students learn to:

  • Explain the difference between plain text and cipher text

  • Describe how encryption protects sensitive information

  • Understand how encryption keys and algorithms work together

  • Recognise the role of SSL/TLS in securing websites

  • Explain how digital certificates are used to establish trust

Syllabus references

Programming for the web

Explain the processes for securing the web

  • Secure Sockets Layer (SSL) certificates

  • encryption algorithms

  • encryption keys

  • plain text and ciphertext

What is encryption?

Encryption is the process of transforming readable data (plain text) into an unreadable format (ciphertext) to prevent unauthorised access. Only someone with the correct key can decrypt the message.

Encryption is used in web applications to:

  • Protect login credentials

  • Secure personal or financial data

  • Prevent tampering or eavesdropping during transmission

Symmetric vs asymmetric encryption

  • Symmetric encryption uses the same key to encrypt and decrypt data

  • Asymmetric encryption uses a public key to encrypt and a private key to decrypt

Web applications use both methods at different stages of the HTTPS handshake.

SSL/TLS and secure websites

Websites that use HTTPS encrypt all traffic using a protocol called TLS (Transport Layer Security), which replaced the older SSL (Secure Sockets Layer).

This prevents:

  • data from being read during transmission.

  • attackers from impersonating a website.

  • passwords and personal data from being stolen in transit.

What is a digital certificate?

A digital certificate proves that a website is authentic. It includes:

  • The domain name

  • The public key

  • The name of the certificate authority (CA)

  • An expiry date

When you visit a secure website:

  1. The server provides its certificate

  2. The browser verifies the certificate using the CA

  3. A secure connection is established

A valid certificate confirms the server’s identity and allows the browser to establish an encrypted connection using TLS.

Summary

Encryption is essential for protecting data as it travels over the internet. It works by converting plain text into ciphertext using keys and algorithms. Websites that use HTTPS rely on digital certificates and TLS encryption to ensure secure, trusted communication between users and servers.

Previous517 Securing web applicationsNext517.2 Authentication and authorisation

Last updated

Was this helpful?