Penguin Fortress YouTube Channel

Web encryption and certificates: the importance of SSL/TLS

Understand how encryption is used to protect web traffic over an insecure network.

This video explains what web encryption is, including the terminology of SSL, TLS and HTTPS. TLS is the current version of the encryption technology used to keep data safe.

Through encryption, data from the user and the web server is converted into ciphertext, which cannot be understood except by the intended recipient. These are the basics of encryption, which are explained in my earlier videos on cryptography.

Hybrid Cryptography

Web encryption uses the concept of hybrid encryption. The client and server first use asymmetric (public-private key) encryption to communicate. This uses the web certificate from the server, which makes its public key available. During the TLS handshake the client then generates a symmetric encryption key (also known as a shared key), which it can share securely with the server using the server's public key. Once the shared key is known by both parties they can use that instead, as it is faster and requires less processing power. The TLS handshake is shown below.

Figure: TLS handshake used for web encryption
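The handshake just described, as an added worked example (this is not code from the channel or the video): it is written in Go using only the standard library, and it models the RSA key-transport form of the exchange that the paragraph describes, in which the client wraps the symmetric key with the server's public key taken from a verified certificate. The root CA, the server key, the hostnames (www.example.com, other.example.net) and the message are all constructed for the example. Current TLS 1.3 derives the shared key with ephemeral Diffie-Hellman instead of encrypting it with the server's public key, so that a later compromise of the server's private key does not expose recorded traffic; the certificate check and the switch to a fast symmetric cipher (AES-GCM here) are the same in either case.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must is the usual Go helper for setup code that cannot sensibly continue on error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a fresh RSA key pair and a certificate for it. With parent == nil the
// certificate is self-signed (our throw-away root CA); otherwise it is signed by the
// parent's key, as a public CA does for a web server. Everything is generated on the
// fly for this example; real browsers ship the CA roots in a trust store.
func issue(name string, isCA bool, parent *x509.Certificate, signer *rsa.PrivateKey) (*rsa.PrivateKey, *x509.Certificate) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	if !isCA { // a server certificate: bound to one hostname, usable for TLS server auth
		tmpl.DNSNames = []string{name}
		tmpl.KeyUsage = x509.KeyUsageKeyEncipherment
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return key, must(x509.ParseCertificate(der))
}

// clientKeyExchange is the client's side of the handshake: check that the certificate
// chains to a trusted root and names the host we asked for, then generate a 256-bit
// AES key and wrap it with the server's public key (RSA-OAEP). Skipping the Verify
// step is what would let a man-in-the-middle substitute its own certificate and key.
func clientKeyExchange(cert *x509.Certificate, roots *x509.CertPool, host string) ([]byte, []byte, error) {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return nil, nil, fmt.Errorf("certificate rejected: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("certificate does not carry an RSA key")
	}
	aesKey := make([]byte, 32)
	must(rand.Read(aesKey))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil))
	return aesKey, wrapped, nil
}

// newGCM returns AES-GCM under a shared key: the symmetric cipher both sides switch to.
func newGCM(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// runHandshake plays every party: a root CA certifies the server for certHost, the
// client connects to requestedHost, checks the certificate, wraps a key, and sends one
// encrypted record. It returns the plaintext the server recovers.
func runHandshake(certHost, requestedHost string, msg []byte) ([]byte, error) {
	caKey, caCert := issue("Example Root CA", true, nil, nil)
	serverKey, serverCert := issue(certHost, false, caCert, caKey)
	roots := x509.NewCertPool() // the client's trust store: only our CA is trusted
	roots.AddCert(caCert)
	clientKey, wrapped, err := clientKeyExchange(serverCert, roots, requestedHost)
	if err != nil {
		return nil, err
	}
	// The server unwraps the shared key with its private key; from here on both sides
	// use only the symmetric key. Open also fails if the record was tampered with.
	serverSideKey := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, wrapped, nil))
	clientGCM, serverGCM := newGCM(clientKey), newGCM(serverSideKey)
	nonce := make([]byte, clientGCM.NonceSize())
	must(rand.Read(nonce))
	record := clientGCM.Seal(nil, nonce, msg, nil)
	return serverGCM.Open(nil, nonce, record, nil)
}

func main() {
	got, err := runHandshake("www.example.com", "www.example.com", []byte("POST /login user=alice"))
	fmt.Printf("server read %q (err=%v)\n", got, err)
	_, err = runHandshake("www.example.com", "other.example.net", []byte("x"))
	fmt.Println("wrong hostname:", err)
}
```

Run it with `go run main.go`: the first call round-trips the message, and the second fails at the Verify step because the certificate does not name the host the client asked for. That hostname and trust-root check is what the browser performs before the padlock appears, and it is the part that a network attacker cannot pass without a certificate issued by a CA the browser trusts.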

Benefits of web encryption

Encryption can protect usernames and passwords from being captured by an attacker. This is essential if you are using logins on your website.

Encryption can protect data being sent by the user (e.g. credit card information) and also protect against someone manipulating data sent to the end user through a "man-in-the-middle" (or meet-in-the-middle) attack.

Encryption can also help provide some element of privacy. It does not hide which server you are visiting, just the pages that are visited and any data transferred. It does not hide you from the web server. For that you would need some kind of anonymiser, such as the Tor browser.

Web certificate padlocks do not make you safe!

Just because a website has encryption and shows the padlock icon in your browser does not mean that it is a safe website. It just means that the data between you and the server is encrypted, protecting the traffic across the network. It is still possible that the website you visit has dangerous content.

Different web certificates

Web certificates can be grouped into the following three types (although there are variations of these):

  • Domain validated certificates (DV) - Validated based on domain name ownership
  • Organisation validated certificates (OV) - Organisation name is checked
  • Extended validation (validated) certificates (EV) - Extensive validation including legal entity

The higher the level of vetting the more likely it is that the website can be trusted, although diligence is still needed.

More information on cryptography

For more details about how cryptography and encryption work, see the following guides:

Previous: Introduction to Cryptography
Next: Wireshark and HTTPS