Secure Sockets Layer (SSL)
Sensitive information transmitted through the Internet in plaintext is highly not recommendable. Information can be easily sifted by passive listeners.
Encrypting information using additional systems before sending over the Internet seems to be the most appropiate solution, but have you ever wondered, how is the party on the other side going to know your keys for decryption? With the help of SSL, data transmission through webpages is much more secured these days.
SSL is the most widely used method to provide secure transactions over the internet. SSL provides a secure channel between the two parties. SSL is also supported by most web clients and server. SSL uses a both secret and public key encryption as well as digital certificate. Instead of the normal HTTP protocol, SSL use the HTTPS protocol
Benefits of SSL
Privacy and Integrity is ensured by encryption. In the event that the information is intercepted in transmission, the third party will not be able to read the information as it is encrypted as he does not have the key (privacy of information). A modification of the information during the transmission process will be result in a decryption error (integrity of information). Authentication is ensured by the digital certificates.
Three keys are involved in each tranmission.
Session Key: The client and the server use the session key to encrypt/decrypt data. It is created by the client, and this key is being used throughout the subsequent transmission.
Public Key : The client encrypts a session key with the server’s public key.
Private Key: The server’s private key decrypts the client’s session key.
Step 1: The client creates a session key
Step 2: The client encrypts the session key with the server’s public key
Step 3: The client sends the ciphered session key to the server
Step 4: The server decrypts the ciphered session key with its private key
Step 5: The client encrypts the message intended with the session key
Step 6: The client sends the ciphered message to the server
Step 7: The server decryprs the ciphered message with the session key (The server receives the message)