20 June 2013

How SSL (Secure Socket Layer) works

In our day to day activities on the web we use the "https" protocol for secure authentication. Most people do this unknowingly, and most developers do not know how this protocol works or how it makes authentication and browsing safe. For the people who are curious to know how this works, here it is.

HTTPS uses SSL. SSL means Secure Socket Layer. SSL is a combination of symmetric and asymmetric cryptography.

Secret Key Cryptography (Symmetric cryptography):-

In this, both parties who want to share data use the same secret key and the same cryptographic algorithm to encrypt and decrypt messages. Both parties must therefore have a prior agreement on the secret key and the algorithm they will use. The same key and algorithm are used for both encryption and decryption.

Public Key Cryptography (Asymmetric cryptography):-

In this, if "A" wants to send a secret message to "B", then "B" has his own Private key and shares his Public key over the network with "A". Messages can be encrypted with the Public key but cannot be decrypted with it; they can be decrypted only with the corresponding Private key. So "A" takes the Public key of "B" and encrypts the messages he wants to send to "B". Once "B" receives the messages from "A", he decrypts them using his Private key. The public and private keys are cryptographic inverses of each other: what one key encrypts, the other key decrypts. This is why it is called Asymmetric Cryptography.

Public key cryptography requires extensive computation, making it very slow. It is therefore typically used only for encrypting small pieces of data, such as secret keys, rather than for the bulk of encrypted data communications.

How SSL Works In Brief:-

1. The client sends a request to the server, providing information such as the highest SSL version it supports and the cipher suites (sets of cryptographic algorithms) available to it.
2. The server chooses the SSL version and the best cipher suite that are available on both client and server, and sends this information to the client.
3. The server also sends its public key certificate to the client.
4. The client encrypts the "secret key" and the cipher algorithm they should use in further negotiations with the server's public key and sends it to the server.
5. Client and server now have an agreement on the cipher algorithm and the secret key that they should use.
6. Now client and server change to encryption mode.
7. Now both exchange information using symmetric cryptography.
8. At the end of the connection, each side sends a close notify message to inform the peer that the connection is closed.

                   **********************Hope You Enjoy This*****************
