Knowledge Guide
HomeSystem DesignEncryption

Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive)

Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest

The slice leans everywhere on "the key is never sent" and "hybrid crypto," but never derives how two parties agree a secret over a public wire. This page derives Diffie-Hellman/ECDHE, defines forward secrecy from it, then builds out the operational crypto a senior is expected to know: key management (envelope encryption, rotation), the certificate lifecycle and its failure modes, the TLS attack surface, and encryption-at-rest choices. (The step-by-step TLS/mTLS handshake has its own page; this one is the "why" underneath it.)

1. Diffie-Hellman key agreement, derived

Everyone agrees on public values: a large prime p and generator g. Alice picks a secret a and sends A = g^a mod p; Bob picks secret b and sends B = g^b mod p. Both then raise the other's value to their own secret: Alice computes B^a = g^(ba), Bob computes A^b = g^(ab) — the same number g^(ab) mod p, now a shared secret. An eavesdropper sees g, p, A, B but recovering a from g^a mod p is the discrete-logarithm problem, computationally infeasible for large p. So the secret is agreed, never transmitted — that is the "key never sent" the whole slice rests on. ECDHE is the same protocol over an elliptic-curve group (smaller keys, faster) with ephemeral per-session secrets.

2. Forward secrecy

If the ephemeral secrets a, b are freshly generated per session and discarded after, then even if an attacker later steals the server's long-term private key, they still cannot decrypt past recorded sessions — the per-session DH secret is gone and the long-term key was only used to authenticate the exchange, not to encrypt data. That property is forward secrecy: compromise of the long-term key does not retroactively expose old traffic. It's why TLS 1.3 mandates ephemeral (EC)DHE and dropped static-RSA key exchange (where stealing the key unlocked every captured session ever).

3. Key management: envelope encryption

You don't encrypt terabytes directly with a KMS-held master key (throughput, blast radius, rotation cost). Instead, envelope encryption: a per-object/per-tenant Data Encryption Key (DEK) encrypts the data locally (fast, symmetric AES); the DEK is then wrapped (encrypted) by a Key Encryption Key (KEK) that lives in a KMS/HSM and never leaves it. You store the wrapped DEK next to the ciphertext. To read, you send the wrapped DEK to the KMS, it returns the plaintext DEK, you decrypt.

Rotation then becomes cheap: rotate the KEK and re-wrap the (small) DEKs — you don't re-encrypt the data. True data re-encryption (new DEK) is only needed if a DEK is compromised. An HSM protects the KEK in tamper-resistant hardware; the KMS mediates access and audit. This is the standard pattern (AWS KMS, GCP KMS, Vault) and the expected answer to "how do you rotate keys without re-encrypting everything?"

4. Certificate lifecycle and its failure modes

A cert binds a public key to a hostname, signed by a CA. The validation and failure modes seniors probe:

5. TLS attack surface

6. Encryption at rest — the options

7. mTLS vs the alternatives (service auth)

Rule of thumb: mTLS for service-to-service identity in a zero-trust mesh; short-lived tokens for user/edge auth; never long-lived API keys for anything sensitive.

Takeaways


Re-authored/Deepened for this guide.

🤖 Don't fully get this? Learn it with Claude

Stuck on Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive)? Open Claude, copy a block below, and it'll teach you this exact concept — visually and interactively.

🎨 Explain it visually

Build the mental picture, not memorization.

I just read a lesson on **Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive)** (System Design) and want to truly understand it. Explain Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive) from first principles using ONE vivid real-world analogy and a visual mental model — draw it as ASCII art or a clear step-by-step diagram — with a concrete example using real numbers. Then ask me one question to check I got the mental picture, and wait for my reply. If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.
🤔 Walk me through it (interactive)

Socratic — adapts to where you're stuck.

Teach me **Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive)** interactively. Ask me ONE guiding question at a time, wait for my answer, and adapt to my confusion — build the idea with me step by step instead of explaining it all at once. If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.
🧪 Quiz me & fix my gaps

Active recall exposes what you missed.

Quiz me on **Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive)** with 5 questions, easy to tricky, ONE at a time. Tell me if each answer is right; at the end, explain clearly what I got wrong and why. If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.
🧠 Make it stick

Intuition + hook + flashcards for long-term memory.

Help me remember **Encryption — Key Agreement, Forward Secrecy, Certificates, TLS Attacks & At-Rest (Deep Dive)** for the long term: give the one-sentence intuition, a memorable hook/mnemonic, a tiny worked example, and 3 active-recall flashcards (Q -> A). If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.

📝 My notes