Friday, December 6, 2019

Secure Socket Layer

Question: What is Secure Socket Layer?

Answer: Secure Socket Layer (SSL) is an old protocol, deprecated in favor of Transport Layer Security (TLS). The protocol is used for the secure transmission of data. It offers confidentiality, integrity and authentication, and it is the primary way to secure web traffic. For confidentiality, Diffie-Hellman or RSA is used for the key exchange, and the actual encryption is done using AES. Authentication is essential for the security of the communication. The SSL protocol is implemented by OpenSSL, which is used to secure electronic commerce transactions on the internet.

A certificate is just a public key with some information attached to it. The server secretly stores the private key corresponding to this public key. TLS uses these keys to authenticate the server to the client. In cryptography, messages encrypted with the public key can be decrypted only with the private key, whereas messages encrypted with the private key can be decrypted with both the private and public keys.

In this assignment, we have implemented the generation of a digital certificate using OpenSSL. First, a hash of the certificate is made, encrypted with the private key, and appended to the certificate to create a new certificate. The clients then receive this new certificate from the server. To verify the certificate, the client decrypts the hash using the certificate's public key, calculates its own hash, and compares the two. If both are equal, the certificate is valid. The client then sends the server a message encrypted with the public key; if the server sends the original unencrypted message back, the server is considered authenticated. Overall, this process ensures that the server has access to the private key. The public key corresponding to this key is used to encrypt the hash. This encrypted hash appended to the certificate is called a digital signature.

Self-signed certificates are those digitally signed by the server on its own certificate. These kinds of certificates are very useful in some scenarios: they can be created quickly and free of charge, and they are good for internal communication and prototyping.
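
The certificate generation and signature check described above, as an added example that is not the assignment's own code. It creates a self-signed certificate, verifies it, then signs a file with the private key and verifies that signature with the public key taken from the certificate. The host names and file names are constructed, and it assumes an `openssl` binary (1.1.0 or later) on the PATH.

```shell
#!/bin/sh
# Added example; host names and file names are constructed. Needs the openssl CLI.

# Generate an RSA key and a certificate signed with that same key.
make_self_signed() {  # $1 = output prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Check a certificate's signature against a trusted certificate.
# For a self-signed certificate the trust anchor is the certificate itself.
cert_verifies() {  # $1 = trusted cert, $2 = cert to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Server side: hash the file with SHA-256 and sign the hash with the private key.
sign_file() {  # $1 = private key, $2 = file, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Client side: take the public key out of the certificate, then check the
# signature against a freshly computed hash of the file.
verify_file() {  # $1 = cert, $2 = file, $3 = signature
    openssl x509 -in "$1" -pubkey -noout > "$1.pub" &&
    openssl dgst -sha256 -verify "$1.pub" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_self_signed "$d/server" "internal.example.test" || return 1
    make_self_signed "$d/other" "other.example.test" || return 1
    printf 'hello from the server\n' > "$d/msg.txt"
    sign_file "$d/server.key" "$d/msg.txt" "$d/msg.sig" || return 1

    cert_verifies "$d/server.crt" "$d/server.crt" && echo "self-signature: valid"
    cert_verifies "$d/other.crt" "$d/server.crt" || echo "untrusted anchor: rejected"
    verify_file "$d/server.crt" "$d/msg.txt" "$d/msg.sig" && echo "message: valid"
    printf 'tampered\n' >> "$d/msg.txt"
    verify_file "$d/server.crt" "$d/msg.txt" "$d/msg.sig" || echo "tampered message: rejected"
    rm -rf "$d"
}

demo
```

A self-signed certificate only verifies when the client already trusts that exact certificate, which is why it suits internal communication and prototyping.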
