Secure Socket Layer (SSL)
An explanation of SSL and how this extremely powerful encryption works.
What is SSL?
SSL is a form of encryption which can be used to scramble data as it is
transferred in each direction between a server and an Internet browser. A server
in this sense is a computer running special software to provide online
services to Internet users. It is the server which is configured to
communicate using SSL encryption, and all popular Internet browsers, such as
Netscape and MS Explorer, are built to support and respond to SSL servers
when they are encountered during an online session.
A Simple Matter of Numbers
The basis of SSL encryption is the use of private and public keys. Public
and private keys are generated from very large prime numbers. Simple prime
numbers such as 17, 23 and 31 illustrate the defining property: they can
only be divided by 1 or themselves. Computer-generated prime numbers containing
hundreds of digits provide the basis for very powerful algorithms to encrypt
data. A private key is comprised of two prime numbers. The corresponding
public key is created by multiplying the two prime numbers together. It
will be clear that the public key can be divided by 1, itself and either
of the two prime numbers which form the private key, and by nothing else. If
the size of the numbers being used is sufficiently large, it is impossible
for any computer to calculate the two prime multipliers from the
public key. To create a secure server using SSL encryption, a special computer
program is used to create a private key and a public key uniquely for that
server.
Certificate Authorities
During communications between SSL servers and Internet browsers, it is
always the public key which is "published". However, an SSL server never
releases its public key in its raw state. Public keys are always subjected
to a further mathematical process to produce an "Authentication Signature".
Authentication Signatures are computed by a Certificate Authority. This
is a third-party bureau with its own private/public key pair. It
takes the public key of the SSL server together with the server address
and other relevant data and, using its own private key, produces an Authentication
Signature. This Signature is then used to sign the "Site Certificate"
of the SSL server. As well as the Signature, the Site Certificate contains
all relevant information about the SSL server (such as address and expiration
date) plus the public key of the Certificate Authority.
A Typical On Line Session
When an Internet browser engages an SSL server, the server's Site Certificate
is presented to the browser. It is the Certificate Authority's public key
which verifies the SSL server and its public key.
Immediately after the verification process, the Internet browser automatically
generates a secret session key. This key may be either 40 or 128 bits depending
on whether the browser was purchased inside or outside the USA. This session
key is then encrypted with the SSL server public key and sent to the server,
where it is decrypted with the SSL server private key. At that point, both
server and browser have established a link using the same secret session key.
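The three sections above (a key pair built from two primes, the Certificate Authority signing the server's public key and address, and the browser wrapping a session key with the server's public key) can be walked through end to end in code. The following is an added illustration, not code from the original page or from Safe-mail; it uses textbook RSA with no padding and with constructed sample primes that are far too small for real use (they are only large enough that a 40-bit session key fits under the modulus), so it is for understanding the flow, not for protecting anything. The certificate layout, the "address|n|e" signed string, the server address and the prime values are all assumptions of this example.

```python
import hashlib
import secrets


def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes.

    The page describes the private key as the two primes and the public key
    as their product n; here the private exponent d is derived from the
    primes, so the private key is (n, d) and the public key is (n, e).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m):
    """Raw RSA: m ** exp mod n. Used for both encrypting and signing here."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)


def factor_modulus(n):
    """Recover the two primes from a public modulus by trial division.

    This is only feasible because n is tiny: the loop runs up to sqrt(n)
    times, which is why real keys use primes of hundreds of digits.
    """
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


def _to_be_signed(server_addr, server_pub):
    # Assumed layout of the data the CA signs: address plus the server key.
    return f"{server_addr}|{server_pub[0]}|{server_pub[1]}".encode()


def _digest_int(data, n):
    # Hash the data and reduce it so it fits under the signing modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def ca_issue_certificate(ca_priv, server_addr, server_pub):
    """The CA signs hash(address || server public key) with its private key."""
    digest = _digest_int(_to_be_signed(server_addr, server_pub), ca_priv[0])
    return {"address": server_addr, "public_key": server_pub,
            "signature": rsa_apply(ca_priv, digest)}


def verify_certificate(cert, ca_pub):
    """Browser side: undo the signature with the CA public key and compare."""
    expected = _digest_int(_to_be_signed(cert["address"], cert["public_key"]),
                           ca_pub[0])
    return rsa_apply(ca_pub, cert["signature"]) == expected


def run_session(server_primes, ca_primes, server_addr, key_bits=40):
    """Full flow: CA signs, browser verifies, browser sends a wrapped session
    key, server unwraps it. Returns both copies so they can be compared."""
    server_pub, server_priv = make_keypair(*server_primes)
    ca_pub, ca_priv = make_keypair(*ca_primes)
    cert = ca_issue_certificate(ca_priv, server_addr, server_pub)
    if not verify_certificate(cert, ca_pub):
        raise ValueError("certificate does not verify against the CA key")
    session_key = secrets.randbits(key_bits)           # browser's secret
    wrapped = rsa_apply(cert["public_key"], session_key)  # to the server
    server_key = rsa_apply(server_priv, wrapped)       # server unwraps it
    return {"browser_key": session_key, "server_key": server_key,
            "cert": cert, "ca_pub": ca_pub}


# Constructed sample primes (assumptions of this example, not from the page).
SERVER_PRIMES = (1_000_000_007, 1_000_000_009)
CA_PRIMES = (998_244_353, 2_147_483_647)

if __name__ == "__main__":
    print("23 * 31 factors as", factor_modulus(23 * 31))
    result = run_session(SERVER_PRIMES, CA_PRIMES, "www.example.com")
    print("session key agreed:", result["browser_key"] == result["server_key"])
```

Two things the walkthrough makes concrete that the prose leaves implicit: the browser never trusts the certificate because of what it says, only because the recomputed digest matches what the CA's public key unlocks (change the address field on a copy of the certificate and `verify_certificate` returns False), and the session key is only ever exposed in wrapped form, so anyone without the server's private key sees only `wrapped`.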
©1999-2008 Safe-mail Limited. All rights reserved.
Safe-mail™ is a Trade Mark of Safe-mail Limited.