Sunday, September 2, 2007

SSL - Concepts Simplified...!?!!!

Secure Socket Layer:
--------------------
The Secure Socket Layer protocol was first introduced by Netscape to ensure secure transactions between
web servers and browsers. The protocol uses a third-party Certificate Authority (CA) to identify both ends
of the transaction.

SSL philosophy:
---------------

1. A client using a browser requests a secure page (https://www.gmail.com).
2. www.gmail.com sends its public key with its certificate
signed by (Thawte Consulting Pty Limited) (dated: 02/09/2007, 20:48).
3. Our browser checks that the certificate was issued by a trusted party (Thawte here), that the certificate is
still valid and that the certificate is related to the site we just contacted (www.gmail.com here).
4. The browser then uses the public key sent by www.gmail.com to encrypt a random symmetric
encryption key and sends it to www.gmail.com along with the encrypted URL requested as well as other
encrypted data.
5. www.gmail.com decrypts the encrypted symmetric key sent by the browser (in step 4) with its private key and uses this
symmetric key to decrypt the URL and HTTP data.
6. www.gmail.com sends back the requested HTML data encrypted with the symmetric encryption key sent by the
browser in step 4.
7. Our browser decrypts the HTTP data and HTML document using the symmetric key and displays the information.

All further communication between www.gmail.com and our browser takes place with this symmetric key.
Here an asymmetric encryption mechanism is at work between the browser and www.gmail.com.

Our browser encrypted a key with the public key of www.gmail.com, and www.gmail.com, on receiving
this encrypted key, decrypted it with its private key. This mechanism works with public/private key pairs.

This way www.gmail.com sends its public key to every browser requesting its first page, and the SSL mechanism
proceeds through the 7 steps above.
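
The key exchange in steps 2 and 4 to 7, as an added sketch that is not part of the original post. It assumes textbook RSA without padding and a toy SHA-256 keystream as stand-ins for the real ciphers, skips the certificate check of step 3, and all names and sample values in it are constructed for illustration.

```python
# Added illustration of steps 2 and 4-7 (not the blog author's code).
# Textbook RSA with no padding and a toy SHA-256 keystream stand in for the
# real primitives; the key size is far too small for actual use.
import hashlib
import secrets

# Step 2: constructed server key pair built from two known Mersenne primes.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, sent along with E
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the server


def xor_stream(key: bytes, direction: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with SHA-256(key || direction || counter)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key + direction + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def browser_request(pub_n: int, pub_e: int, url: bytes):
    """Step 4: pick a random symmetric key and encrypt it to the server."""
    sym_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(sym_key, "big"), pub_e, pub_n)
    return sym_key, wrapped, xor_stream(sym_key, b"c2s", url)


def server_respond(wrapped: int, enc_url: bytes, priv_d: int = D):
    """Steps 5-6: recover the symmetric key, decrypt the URL, reply under it."""
    sym_key = pow(wrapped, priv_d, N).to_bytes(16, "big")
    url = xor_stream(sym_key, b"c2s", enc_url)
    html = b"<html>page for " + url + b"</html>"
    return url, xor_stream(sym_key, b"s2c", html)


def handshake(url: bytes = b"/mail/inbox") -> bytes:
    """Run steps 4-7 end to end and return what the browser displays."""
    sym_key, wrapped, enc_url = browser_request(N, E, url)
    _, enc_html = server_respond(wrapped, enc_url)
    return xor_stream(sym_key, b"s2c", enc_html)   # step 7


if __name__ == "__main__":
    print(handshake())
```

Only the wrapped key and the two ciphertexts cross the wire; the symmetric key itself is recoverable only with the private exponent D.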

1 comment:

Yadu Rajiv said...

yes!!! :) it was.. thanchu!