Exploring HTTPS and Cryptography in Python (Summary)
In this course, you’ve learned some of the core underpinnings of secure communications on the Internet today. Now that you understand these building blocks, you’ll become a better and more secure developer.
Throughout this course, you’ve gained an understanding of several topics:
- HTTPS and TLS
- Public Key Infrastructure
Here are resources for more information on the topics discussed in this course:
- Python Cryptography: Read the Docs
- OpenSSL: Cryptography and SSL/TLS Toolkit
- History of cryptography - Wikipedia
- TLS: Transport Layer Security - Wikipedia
- RSA: (Rivest–Shamir–Adleman) Cryptosystem - Wikipedia
- Modular Arithmetic - Wikipedia
- How does RSA work? - Hackernoon
- Socket Programming in Python - Real Python article
- Running Your Flask Application Over HTTPS - Miguel Grinberg
00:00 Thanks for sticking with me this far! This course has talked about HTTPS, I showed you how to build a simple Flask server, the basics behind cryptography, how to strengthen your server using Fernet ciphers, why asymmetric key exchange and public and private keys are important, how to write code in Python to be a Certificate Authority, using the certificates generated by your Certificate Authority to host a Flask server using HTTPS, and now, I’m going to talk about a couple of simpler ways of generating those certificates and provide you with some further reading.
This course has taught the long way around as to how to get certificates. I did that in the hope that you’d have a better understanding of how the pieces fit together. In real life, if you need one of these certificates, there are usually ways around it. First off, if you’re developing in Flask it has an 'adhoc' mode. Inside of your code, instead of setting the ssl_context to be the public and private keys, you can set it to the keyword 'adhoc'. Flask will start the server, it’ll listen on HTTPS correctly, and it will generate a certificate on the fly.
If you’re just trying to test your code in HTTPS, you can accept the risk and continue. Similarly, --insecure. Using this parameter, you can tell it to ignore whatever certificates come down and just assume they’re valid. Using the Flask 'adhoc' mechanism and --insecure parameter, you can skip past all of the certificate generation steps that I showed you in the sixth and seventh lessons. Alternatively, there’s an open-source library called OpenSSL.
This rather long command line asks OpenSSL to generate a certificate. As you read through it, you’ll probably notice some phrases that are familiar. It’s asking for an X.509 certificate, it’s asking to use an RSA key to create it. -out cert.pem and key.pem are the public and private certificate files.
These are the equivalent of server-private-key PEM files in your code. Essentially what you did in the Python in this lesson is write a subset of what openssl provides for you. For your reference, here are some links to some of the tools I’ve talked about in this course.
netstat is the Windows equivalent of lsof. You can find out more information on it here. This is the Python cryptography documentation, Flask’s documentation, the OpenSSL tool, and finally, Wireshark. If you want to drill down more, here’s some suggested reading.
04:02 If you’re interested in the TCP layer and how sockets work, you can get more information on socket programming in Python in this article. Finally, you can get more information on using Flask and HTTPS together by reading Miguel Grinberg’s blog post. Before signing off, I would just like to acknowledge elconomeno, oksmith, and Lad Fury.