As you learned in the previous chapter, HTTPS uses the SSL protocol to secure the communication by transferring encrypted data. Before going deeper, learn how SSL works. SSL fundamentally works with the following concepts:

Asymmetric cryptography (also known as Asymmetric Encryption or Public Key Cryptography) uses a mathematically related key pair to encrypt and decrypt data. In a key pair, one key is shared with anyone who is interested in a communication. The other key in the key pair is kept secret and is called the Private Key. Public and private keys are mathematically related and are created using cryptographic algorithms which are based on mathematical problems termed one-way functions. These keys are used to encrypt or decrypt the data. In asymmetric cryptography, the sender encrypts data with the receiver's public key and sends it to the receiver. The receiver decrypts it using the related private key. SSL uses asymmetric cryptography to initiate the communication, which is known as the SSL handshake. The most commonly used asymmetric key encryption algorithms include ElGamal, RSA, DSA, Elliptic curve techniques and PKCS.

In symmetric cryptography, there is only one key, which both encrypts and decrypts the data. Both sender and receiver should have this key, which is known only to them. SSL uses symmetric cryptography with the session key after the initial handshake is done. The most widely used symmetric algorithms are AES-128, AES-192 and AES-256.

The SSL protocol uses asymmetric and symmetric cryptography to transfer data securely. The following figure illustrates the steps of SSL communication:

As you can see in the above figure, SSL communication between the browser and the web server (or any other two systems) is mainly divided into two steps: the SSL handshake and the actual data transfer.

The communication over SSL always begins with the SSL handshake. The SSL handshake uses asymmetric cryptography, which allows the browser to verify the web server, get the public key and establish a secure connection before the actual data transfer begins. The following figure illustrates the steps involved in the SSL handshake:

1. The client sends a "client hello" message. This includes the client's SSL version number, cipher settings, session-specific data and other information that the server needs to communicate with the client using SSL.
2. The server responds with a "server hello" message. This includes the server's SSL version number, cipher settings, session-specific data, an SSL certificate with a public key and other information that the client needs to communicate with the server over SSL.
3. The client verifies the server's SSL certificate from the CA (Certificate Authority) and authenticates the server. If the authentication fails, then the client refuses the SSL connection and throws an exception. If the authentication succeeds, then proceed to step 4.
4. The client creates a session key, encrypts it with the server's public key and sends it to the server. If the server has requested client authentication (mostly in server-to-server communication), then the client sends its own certificate to the server.
5. The server decrypts the session key with its private key and sends the acknowledgement to the client encrypted with the session key.

Thus, at the end of the SSL handshake, both the client and the server have a valid session key which they will use to encrypt or decrypt actual data. The public key and the private key will not be used any more after this.
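The session-key exchange described in the handshake (the client encrypts a fresh session key with the server's public key, the server decrypts it with its private key and acknowledges under that key) can be run end to end with Node's built-in `crypto` module. This is an added example, not code from the original page; it assumes the certificate check has already succeeded, and the function names, RSA-OAEP padding and AES-256-GCM mode are choices made for the illustration.

```javascript
// Added illustration; function names are hypothetical, not from the original page.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
  createCipheriv, createDecipheriv, constants } = require('crypto');

// Assumption: RSA-OAEP padding and AES-256-GCM; the page names only RSA and AES-256.
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Symmetric part: encrypt/decrypt under the session key, fresh 12-byte nonce per message.
function seal(sessionKey, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}
function open(sessionKey, { iv, body, tag }) {
  const d = createDecipheriv('aes-256-gcm', sessionKey, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8');
}

// Server key pair; the public half is what the certificate in "server hello" carries.
const newServerKeys = () => generateKeyPairSync('rsa', { modulusLength: 2048 });

// Client: create a session key and encrypt it with the server's public key.
function clientKeyExchange(serverPublicKey) {
  const sessionKey = randomBytes(32);
  return { sessionKey, wrapped: publicEncrypt({ key: serverPublicKey, ...OAEP }, sessionKey) };
}

// Server: recover the session key with the private key, then acknowledge under it.
function serverFinish(serverPrivateKey, wrapped) {
  const sessionKey = privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrapped);
  return { sessionKey, ack: seal(sessionKey, 'handshake complete') };
}

function runHandshake() {
  const server = newServerKeys();
  const client = clientKeyExchange(server.publicKey);
  const { sessionKey, ack } = serverFinish(server.privateKey, client.wrapped);
  const ackText = open(client.sessionKey, ack);            // client reads the acknowledgement
  const reply = open(sessionKey, seal(client.sessionKey, 'GET / HTTP/1.1')); // data phase
  // A holder of a different private key cannot unwrap the captured session key.
  let outsiderRecovered = true;
  try { privateDecrypt({ key: newServerKeys().privateKey, ...OAEP }, client.wrapped); }
  catch { outsiderRecovered = false; }
  return { ackText, reply, keysMatch: sessionKey.equals(client.sessionKey), outsiderRecovered };
}

console.log(runHandshake());
```

TLS 1.3 no longer offers this RSA key-transport exchange, so treat the flow above as a model of the handshake as this page describes it.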