Encryption in Transit on DevLogs

CSR Formats, X.509 Standard, and more...

Sat, 02 May 2026 07:07:33 +0530

What are X.509 certificates? Link to heading

A X.509 is the standard certificate format of signed certificate which contains details like the server’s public key, the domain name it’s valid for, who issued it, how long it’s valid etc.

You don’t really need to memorize the structure, but the idea is that every certificate on the internet follows the same blueprint, so browsers know exactly where to look for things like the public key, issuer, and signature. It’s what makes the whole system interoperable.

The Chain of Trust: Signing TLS

Sat, 25 Apr 2026 18:23:33 +0530

The Trust Problem Link to heading

If you haven’t been following along, this is part of the series Encryption in Transit.

So far, everything sounds nice in theory. You and a server has a public key, you use it to create a pre-computed symmetric key and talk securely, done.

But, how do you even know that public key belongs to the server you think it does? Link to heading

Like, imagine you’re trying to connect to your bank. You ask for its public key, and you get a response containing the public key. Cool. But how do you know it’s really the bank you’re talking to? What if there is an actual attacker sitting and intercepting every request you make to your bank? Which means if you go to bank.com it is actually an attacker trying to portray itself as bank.com and never letting your request reach to the ACTUAL bank.com. In this case, they can just hand you their public key, you happily encrypt everything with it, and now they’re reading all your traffic while pretending to be the bank.

Refresher on Symmetric vs Asymmetric Encryption

Sat, 18 Apr 2026 18:23:33 +0530

Before we jump into TLS, certificates, and all the “why is my browser yelling at me” stuff… we need to get one thing straight:

How encryption actually works underneath?

There are two types of encryption you’ll see everywhere:

Asymmetric
Symmetric

Symmetric Encryption (Same Key, Both Sides) Link to heading

This is the simpler one. This is where you and I share a secret key.

I encrypt using that key
You decrypt using the same key

Encrypt(message, key) -> ciphertext
Decrypt(ciphertext, key) -> message

It’s useful because it’s really fast—like, very fast—and that makes it great for handling large amounts of data without slowing things down. Also note that in context of this series, it typically is used after a connection has already been established.