Why HTTPS?

We have often heard its https://someurl not http://someurl... What exactly it is? Does it matter anyway? Most of the time we are happy finding the desired site, why care HTTP or HTTPS? and do we really need to be aware of it?
Yes, Terribly!
HTTPS provides three most important powers to us over the internet.

  1. Privacy
  2. Integrity
  3. Identification.
What so special about these powers?
  1. Privacy
    It's pretty simple, things I do on the internet, nobody should know. Anybody can keep a track of what I am watching, browsing or with whom I am bitching up online against these #ayodhaverdicts, a meme I create/share...etc. It could be just anything, I don't want people to know about it.
    HTTPS provides these privacies.
  2. Integrity
    I want to bitch about the stupidity of 5 acres of land allotted to #ayodhaverdict with random people online. How am I going to be sure that message I have sent is received exactly in the same words? Anybody could breach in change my message and write something about Housefull4 and it's stupidity. Well, I don't want that. That's were integrity comes into the picture. By the way, this breaching is called Man in the Middle attack, will come to that later.
    HTTPS makes sure the requests we send online are exactly the same in its true form.
  3. Identification
    I want to order pizza from Dominos site. How can I be sure that I am on the right website? and not on some hacker's website which looks like domino's site? It's a big deal! Let's say I make payment online using my credit card, now hacker takes my credit card details and miss use it while putting me in debts. I definitely don't want that..duh!
    This is achieved by SSL certificate commonly known as a digital signature.
    A digital signature attached to a message identifies the sender ensuring to be connected exactly with the receiver expected. No fakey-fakey business here, SSL certificate is issued by legitimate Certificate Authority.
Powers over the web, how?

The Encryption that makes it possible!
There are two types of Encryption Algorithm.
a. Symmetric key algorithm.
Let's say am sending a message to my friend.
At first, my message gets encrypted. How? It follows the symmetric key algorithm... Think of it as my message is jumbled layer by layer and nicely blended it with my Key (which only I know of) and comes up with the random characters (Encrypted). When encrypted, message is reached at the other end, it can only be read (Decrypted) when the other person has the key with which message was encrypted...i.e my key! This makes it difficult for breachers to read the message because even if they know the algorithm and how it works they can't read the message...they still need my key to break the encryption.
But the hard part about it is... It is highly risky to share the key over the web... No! don't even take chance.
b. Asymmetric Encryption
Let's take the same scenario only here we have two keys.

  1. Private key which I own.
  2. Public key which I can share with people over the web.
    Let's continue the same example as above.
    Here, my friend has shared public key with me.
    Now I am sending a message, the same blending(encryption) happens but with the public key of my friend. When the message is received at the other end, my friend can read it using only the private key (decryption), which none knows off.
    That's the whole idea Only the private key can decrypt with the public key pair.

The above example was just to understand the working of these encryption. In actual scenario, symmetric and asymmetric key's role is played over when we connect to a site with ssl. :)

And how is that Happening? Handshake :P