Secure Sockets Layer (SSL)
Sensitive information transmitted across the Internet in plaintext is extremely not recommendable. Information can be easily filtered by passive listeners.
Encrypting information using additional systems before sending thrugh the Internet seems to be the most appropriate choice, but have you ever pondered, how is the party on the other side going to know your keys for decryption? With the help of SSL, data transmission across webpages is more highly secured these days.
SSL is the most popular method adopted to provide secure transactions over the internet. SSL provides a secure channel between the two parties. SSL is also supported by most web clients and server. SSL works with both secret and public key encryption as well as digital certificate. However, instead of the normal HTTP protocol, SSL use the HTTPS protocol.
Benefits of SSL
Privacy and Integrity is ensured by encryption. In the event that the information is intercepted in transmission, the third party will be unable to read the information as it is encrypted and moreover, he does not have the key (privacy of information). A modification of the information during the transmission process will result in a decryption error (integrity of information). Authentication is ensured by the digital certificates.
Process
Three keys are involved in each transmission.
Session Key: The client and the server uses the session key to encrypt/decrypt data. It is created by the client, and this key is being used throughout the subsequent transmission.
Public Key : The client encrypts a session key with the server’s public key.
Private Key: The server’s private key decrypts the client’s session key.
Step 1: The client creates a session key
Step 2: The client encrypts the session key with the server’s public key
Step 3: The client sends the ciphered session key to the server
Step 4: The server decrypts the ciphered session key with its private key
Step 5: The client encrypts the message intended with the session key
Step 6: The client sends the ciphered message to the server
Step 7: The server decryprs the ciphered message with the session key (The server receives the message)