Secure Sockets Layer
Know More About Secure Sockets Layer
(SSL)
Secure
Sockets Layer (SSL) is the most widely used technology for providing a
secure communication between the web client and the web server. Most of us are
familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When
we see this, we may wonder what’s the difference between http and https.
In simple words HTTP protocol is used for standard communication between the
Web server and the client. HTTPS is used for a SECURE communication.
What exactly is Secure Communication ?
Suppose
there exists two communication parties A (client) and B (server).
Working
of HTTP
When
A sends a message to B, the message is sent as a plain text in an
unencrypted manner. This is acceptable in normal situations where the messages
exchanged are not confidential. But imagine a situation where A sends a PASSWORD
to B. In this case, the password is also sent as a plain text. This has
a serious security problem because, if an hacker can gain unauthorised access
to the on going communication between A and B , he
can see the PASSWORDS since they remain unencrypted. This scenario is
illustrated using the following figure
Now
lets see the working of HTTPS
When
A sends a PASSWORD (say “mypass“) to B, the
message is sent in an encrypted format. The encrypted message is decrypted on B‘s
side. So even if the Hacker gains an unauthorised access to the ongoing
communication between A and B he gets only the encrypted
password (“xz54p6kd“) and not the original password. This is shown
below
How is HTTPS implemented ?
HTTPS
is implemented using Secure Sockets Layer (SSL). A website can implement
HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL)
technology protects a Web site and makes it easy for the Web site visitors to
trust it. It has the following uses
- An SSL Certificate enables encryption of sensitive information during online transactions.
- Each SSL Certificate contains unique, authenticated information about the certificate owner.
- A Certificate Authority verifies the identity of the certificate owner when it is issued.
How
Encryption Works ?
Each
SSL Certificate consists of a Public key and a Private key. The
public key is used to encrypt the information and the private key is used
to decrypt it. When your browser connects to a secure domain, the server
sends a Public key to the browser to perform the encryption. The public key is
made available to every one but the private key is kept secret. So during a
secure communication, the browser encrypts the message using the public key and
sends it to the server. The message is decrypted on the server side using the
Private key.
0 comments