Deepak Thapa

• May 7th, 2013

 

SSL uses both symmetric and asymmetric encryption algorithms. Symmetric algorithms use the same key to encrypt and decrypt data. They are faster than asymmetric algorithms but can be insecure. Asymmetric algorithms use a pair of keys. Data encrypted using one key can only be decrypted using the other. Typically, one of the keys is kept private while the other is made public. Because one key is always kept private, asymmetric algorithms are generally secure; however, they are much slower than symmetric algorithms. To reap the benefits of both algorithms, SSL encapsulates a symmetric key that is randomly selected each time inside a message that is encrypted with an asymmetric algorithm. After both the client and server possess the symmetric key, the symmetric key is used instead of the asymmetric ones.
When server authentication is requested, SSL uses the following process:

1) To request a secure page, the client uses HTTPS.
2) The server sends the client its public key and certificate.
3) The client checks that the certificate was issued by a trusted party (usually a trusted Certificate Authority) that the certificate is still valid, and that the certificate is related to the contacted site.
4) The client uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the encrypted URL required and other encrypted HTTP data.
5) The server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
6) The server sends back the requested HTML document and HTTP data that are encrypted with the symmetric key.
7) The client decrypts the HTTP data and HTML document using the symmetric key and displays the information.