Introduction to Secure Communications
For e-commerce and other applications, a secure connection between the server and the client can be essential. Typically, a secure connection involves encrypting data at one end and decrypting it at the other. In this way, even if your data link is being eavesdropped on, no one (without a super-computer to spare) can decipher the contents. For web applications, such secure connections typically involve either SSL or S-HTTP (usually the former). For e-mail and other types of file transfer, a popular standard is PGP. More on these below.
SSL
SSL stands for Secure Sockets Layer. It is basically a piece of software that receives data packets (from the TCP layer) and compresses and encodes them before handing them on to the next piece of the communications software (the application layer, and HTTP in particular). HTTP then sends them to the appropriate destination, where the reverse happens to obtain the original message. Before encrypting any data, SSL first sends a "Digital Certificate" to the client computer. This does two things:
- Assures the client computer that the services running on the host computer are reputable
- Passes a public key to the client computer
Of course, the above process is completely transparent to the user, other than an on-screen indication that secure communication is in progress. Should the digital certificate be unsigned, out of date or not match the current domain, the browser flags an error to the user and asks whether they wish to continue.
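The three certificate checks just described (is it signed by a trusted issuer, is it still within its validity period, does it match the domain being visited) can be made concrete in code. The following is an added example, not code from the original page: it re-implements those checks in Python over a constructed certificate dictionary shaped like what the standard library's ssl.SSLSocket.getpeercert() returns, and shows the default client context that performs the real checks. The certificate fields, the "Example Trust CA" trust store and the wildcard-matching rule are assumptions made for the example.

```python
import ssl
import time

# Constructed sample, shaped like the dict returned by getpeercert().
# It is not a real certificate; every value here is made up for the example.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notBefore": "Mar 15 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.shop.example.com")),
}

# Assumed trust store: the issuers the client is willing to believe.
TRUSTED_ISSUERS = {"Example Trust CA"}


def _issuer_org(cert):
    """Pull the organizationName out of the issuer's distinguished name."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def _hostname_matches(pattern, hostname):
    """Match one DNS name from the certificate against the requested host.
    A leading '*.' matches exactly one label (a simplification of RFC 6125)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p_labels = pattern.split(".")[1:]
        h_labels = hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == hostname


def validate_peer_cert(cert, hostname, trusted_issuers, now=None):
    """Return a list of problems; an empty list means the certificate passed.
    'now' may be an epoch float or a certificate-style time string."""
    if now is None:
        now = time.time()
    elif isinstance(now, str):
        now = ssl.cert_time_to_seconds(now)
    problems = []

    # 1. Signed by a trusted issuer ("unsigned" in the page's wording).
    issuer = _issuer_org(cert)
    if issuer not in trusted_issuers:
        problems.append("issuer not trusted: %r" % issuer)

    # 2. Within the validity period ("out of date").
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")

    # 3. Matches the domain being visited. Subject Alternative Names take
    #    precedence; the commonName is only a fallback when no SAN is present.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(_hostname_matches(n, hostname) for n in names):
        problems.append("hostname %r does not match %r" % (hostname, names))
    return problems


def default_client_context():
    """The standard-library context a real client should use: it performs
    the same three checks (plus chain validation) before any data is sent."""
    ctx = ssl.create_default_context()
    assert ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    for host in ("shop.example.com", "api.shop.example.com", "other.example.com"):
        print(host, validate_peer_cert(SAMPLE_CERT, host, TRUSTED_ISSUERS,
                                       now="Jun 15 12:00:00 2025 GMT"))
```

The hand-written checks exist only to make the browser's behaviour visible; in practice a client should not reimplement them but rely on ssl.create_default_context(), which leaves hostname checking and certificate verification switched on.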
SSL comes in various strengths where the main differentiation concerns the length of the key:
- 40-bit - not usually recommended, as it has been cracked, but generally cheaper
- 128-bit - recommended for most requirements
- 256-bit - recommended for high security requirements
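A server operator enforces the key-length guidance above by controlling which cipher suites the SSL/TLS library is allowed to negotiate. The block below is an added example, not code from the original page: it builds a hardened server context with Python's standard ssl module and audits the suites it would accept against a 128-bit minimum. The OpenSSL cipher string and the TLS 1.2 floor are assumptions chosen for this example, not values taken from the page.

```python
import ssl

# Smallest symmetric key length, in bits, the page treats as acceptable.
MIN_KEY_BITS = 128


def build_hardened_context():
    """Server-side context that refuses old protocol versions and weak suites.
    The cipher string is an assumption for this example, not a page-given value."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # 'HIGH' selects suites with at least 128-bit keys; the exclusions remove
    # anonymous, null-encryption, RC4, MD5-based and 3DES (112-bit) suites.
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!RC4:!MD5:!3DES")
    return ctx


def weak_ciphers(ctx, min_bits=MIN_KEY_BITS):
    """Names of suites the context would still negotiate whose symmetric
    key length is below min_bits. An empty list means the policy holds."""
    return [c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < min_bits]


def strongest_available(ctx):
    """Largest symmetric key length the context can negotiate, in bits."""
    return max(c["strength_bits"] for c in ctx.get_ciphers())


if __name__ == "__main__":
    ctx = build_hardened_context()
    print("weak suites still enabled:", weak_ciphers(ctx))
    print("strongest suite key length:", strongest_available(ctx), "bits")
```

Running the audit after every configuration change catches a cipher string that silently re-admits a short-key suite; 40-bit export suites are no longer shipped by current OpenSSL builds, so the realistic risk today is a 112-bit 3DES suite slipping back in.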