
Thursday, 18 February 2016

SSL (Secure Sockets Layer) Introduction

What is SSL?

SSL is built on two things: encryption and identification.

Encryption is hiding what is sent from one computer to another.

Identification is making sure the computer you are speaking to is the one you trust.

SSL is used to encrypt data when it is sent from one computer to another. If an outside intruder tries to read the encrypted data, it appears to him as garbage.

When data is sent over SSL, the action in the HTML begins with 'HTTPS'. This indicates that it wants to submit the data securely.

Then the handshake process starts:
1) Initially the computers agree on how to encrypt
2) Then the server sends its certificate
3) Your computer says 'start encrypting'
4) Then the server says 'start encrypting'
5) All messages are then encrypted

At the first stage, the client computer sends a Hello message to the server. The information shared in this Hello message is RSA key, Diffie-Hellman, a cipher like AES or DES, and a hashing technique like HMAC-MD5 or HMAC-SHA, along with the version number and a random number used for encryption.

In the second stage, the server sends a certificate to the client on the basis of the information it gets from the client. The certificate has client key exchange, cipher spec.
In the third stage, both the client and the server computer calculate the master secret. After that the client computer asks the server to encrypt, and then the encryption process starts.

Then the server starts producing cipher text: it encrypts the data and sends it.

Identification also plays an important role in trusting the server. When the client receives the certificate, how does it trust it?

Who to trust?
A company asks a CA (Certificate Authority) for a certificate; the server's certificate has to be signed by the CA. The CA looks at the details of the company, verifies the details and their authenticity, and signs the certificate. This signed certificate is installed on the web servers. Browsers will trust only correctly signed certificates.

At the initial stage, when the company asks the CA for a certificate, the company has to give information about the web server, what the company is about, and where it is located. The CA then checks the correctness and authenticity of the company.

The CA then creates the certificate and signs it. The certificate information contains Serial Number, Version, Algorithm ID, Issuer, Validity, Company Details, Public Key Info, Identifier for Issuer, Identifier for Company, Signature Algorithm and Signature. The signature is created by condensing all of the information into a number (by using a hash function) and then encrypting that number with the private key.

The certificate is installed on a server. The created certificate is given to the company, which installs it on a server. The web server is configured to use the certificate. Browsers are issued with root certificates. The browser checks authenticity and trusts only correctly signed certificates. So when the browser receives data from the web server, it checks the signature of the data through the server's signed certificate.
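
The signing and checking steps described above, as an added example that is not part of the original post. It uses textbook RSA over two Mersenne primes, which is insecure and only for illustration; the CA name, field names, certificate values and function names are all constructed assumptions.

```python
import hashlib

# Constructed toy CA key: textbook RSA, no padding, NOT secure (illustration only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent (Python 3.8+)

# The browser's root store: issuer name -> CA public key (n, e).
ROOT_STORE = {"Example Root CA": (CA_N, E)}
FIELDS = ("serial", "issuer", "subject", "validity", "public_key")

def digest(cert):
    """Condense the certificate information into one number with a hash."""
    blob = "\n".join(f"{k}={cert[k]}" for k in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def ca_sign(cert):
    """CA side: encrypt the digest with the CA private key."""
    return dict(cert, signature=pow(digest(cert), CA_D, CA_N))

def browser_verify(cert, roots=ROOT_STORE):
    """Browser side: recover the digest with the issuer's public key
    and compare it with a digest recomputed over the received fields."""
    key = roots.get(cert["issuer"])
    if key is None:
        return False  # issuer is not a trusted root
    n, e = key
    return pow(cert["signature"], e, n) == digest(cert)

def demo():
    request = {  # constructed certificate request
        "serial": 1001,
        "issuer": "Example Root CA",
        "subject": "www.example.com",
        "validity": "2016-02-18..2017-02-18",
        "public_key": "constructed-server-key",
    }
    signed = ca_sign(request)
    tampered = dict(signed, subject="www.other.example")  # field changed after signing
    unknown = dict(signed, issuer="Unknown CA")           # issuer not in the root store
    return browser_verify(signed), browser_verify(tampered), browser_verify(unknown)

if __name__ == "__main__":
    print(demo())
```

Real certificates use padded signature schemes and a chain of CA certificates rather than a single direct lookup.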
