How Secure (SSL) Pages Work
As the internet evolved there came the need to securely exchange data so that no
one could listen in to our connection and see our personal information passing by.
The standard for many years has been a technology called Secure Sockets Layer
(SSL). It allows for a secure connection between your desktop computer and the web server
you want to communicate with.
SSL works on what is known as Public Key Infrastructure. For a transaction there
are three parties involved: you, the server you are talking to, and a trusted third
party. Website owners must purchase a secure certificate from the third party. The
owners then install this certificate onto their websites.
When you visit a site that requires a secure connection you download the certificate
from the server you are communicating with. Your computer examines the certificate
to make sure there are no immediate problems with it (e.g. it has expired, or you
are trying to access example.com but the certificate was issued to someoneelse.com).
If it passes those checks the browser may check with the issuer to ensure that the
certificate is still valid.
If the certificate is valid the transaction can start. This is done with an interesting
cryptographic technique called asymmetric encryption. The basis of asymmetric encryption
is that there are two keys: a public key that anyone can use to encrypt data
and a private key that is the only key that can be used to decrypt that data. What happens
is that you encrypt all the information you are sending to the web server with the
public key and send that to the server. The server uses its private key to decrypt
the information and process it. By using asymmetric encryption, no one but the server
we are talking to can decrypt our information.