In this edition of the Kiiff Blog, we are going to take a look at a vital internet technology: Secure Sockets Layer, or SSL.
What is SSL?
Most users only ever encounter SSL as the green bar in their browser. It is there to tell us that the site we are connected to is using a secure connection for that session. Here is a picture for you visual folk like myself:
The technology was invented by people much smarter than me and allows us to send sensitive data over the internet without worrying about someone intercepting and reading it. If they do intercept it, they won't be able to make any sense of it, and it would take thousands of years to decipher!
How Does It Work?
SSL works using Public Key Infrastructure, or PKI. In the case of SSL, three keys are needed to ensure a secure channel between two parties. The process is called the "SSL Handshake", not to be confused with the ordinary TCP handshake. Remember that this process is completed only once per session; all of the data transmitted after that is protected. A note on public and private keys: if something is encrypted with a public key, it can only be decrypted with the corresponding private key. This relationship is central to SSL. Here is a rundown of how that session is established.
- The client connects to the server and asks it to identify itself. The client also presents the ciphers it supports, so the server can pick one they have in common.
- The server picks a cipher so it can generate its public and private keys (2 of the 3 required keys). It also identifies itself to the client with a certificate, which is signed by a certificate authority: a trusted third party that vouches that the server is who it claims to be. Lastly, the server sends its public key to the client. Remember that no one should ever learn the server's private key.
- The client validates the certificate's legitimacy and then generates a session key. The key can be something like a random number, which the client encrypts with the server's public key and sends back to the server.
- The server uses its private key to decrypt the client's message and learn the session key.
- At the conclusion of the session, the session key is discarded.
Now that the client and server share a unique key, they can encrypt all communications between them, keeping sensitive data safe!
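As an added example (my own code, not from the original post), here is the key-transport handshake the steps above describe, written against Go's standard library: the client wraps a random session key with the server's RSA public key, only the server's private key can unwrap it, and both sides then protect traffic with AES-GCM under that key. The function names, the 2048-bit key size, RSA-OAEP and the sample message are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// NewServerKey stands in for the server's long-lived key pair (2048-bit RSA chosen here); the private half never leaves the server.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Client step: draw a random 256-bit session key and encrypt it with the server's public key (RSA-OAEP).
func ClientWrapSessionKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil { return nil, nil, err }
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// Server step: only the matching private key recovers the session key; any other private key fails outright.
func ServerUnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// SessionCipher is what each side builds from the shared key for all later traffic: AES-256-GCM encrypts and also detects tampering.
func SessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// RunHandshake runs the exchange end to end and returns what the server decrypts from one message the client sent under the session key.
func RunHandshake(priv *rsa.PrivateKey, msg string) (string, error) {
	clientKey, wrapped, err := ClientWrapSessionKey(&priv.PublicKey)
	if err != nil { return "", err }
	serverKey, err := ServerUnwrapSessionKey(priv, wrapped)
	if err != nil { return "", err }
	client, err := SessionCipher(clientKey)
	if err != nil { return "", err }
	server, err := SessionCipher(serverKey) // built from the server's recovered copy of the key
	if err != nil { return "", err }
	nonce := make([]byte, client.NonceSize()) // must be fresh for every record
	if _, err := rand.Read(nonce); err != nil { return "", err }
	record := client.Seal(nonce, nonce, []byte(msg), nil) // nonce || ciphertext || tag
	plain, err := server.Open(nil, record[:len(nonce)], record[len(nonce):], nil)
	return string(plain), err
}
```

Modern TLS (1.3) no longer transports the session key under the server's RSA key; it agrees the key with ephemeral Diffie-Hellman, so a later compromise of the server's private key cannot be used to decrypt recorded sessions.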
Thank you to all who stuck through that explanation; I know it got technical. If you want to learn more about Public Key Infrastructure, Diffie-Hellman Key Exchange, or the TCP handshake, visit some of these links:
At Kiiff, we offer SSL protection for your business! Check it out in the Kiiff store for additional details.
Hope you enjoyed this edition of the Kiiff blog and stay tuned for more web technologies!