Part 3: Securing communication channels

 

By now you’ve seen the cryptographic building blocks — hashes, HMACs, AES, RSA, elliptic curves — and you know how they work in isolation. But security isn’t just about the math. It’s about trust. Who are you really talking to? Can you be sure that the keys you’re using belong to the right person or system? And how do you keep conversations private when the network itself can’t be trusted?

Part 3 connects the building blocks into systems that establish trust and protect communication over hostile networks. You’ll start by learning how digital certificates and public key infrastructure (PKI) solve the “who are you talking to?” problem (chapter 8). You’ll then follow the lifecycle of a certificate, from creation to validation, renewal, and even revocation. We’ll also talk about how to handle self-signed certificates and set up your own certificate authority for local development (chapter 9). Finally, you’ll see it all put together with TLS (chapter 10), the protocol that secures the modern internet, protects against eavesdropping and impersonation, and keeps data safe in motion.

Throughout Part 3, the Acme Inc. case study keeps us grounded in real-world software systems. You’ll experiment with tools like OpenSSL, configure Spring Boot apps with certificates, and understand how an orchestrator such as Kubernetes, with its ingress controllers and service meshes, handles TLS at scale.