SSL uses both symmetric and asymmetric encryption algorithms. Symmetric algorithms use the same key to encrypt and decrypt data. They are faster than asymmetric algorithms but can be insecure, because the shared key has to reach both parties without being intercepted. Asymmetric algorithms use a pair of keys. Data encrypted using one key can only be decrypted using the other. Typically, one of the keys is kept private while the other is made public. Because one key is always kept private, asymmetric algorithms are generally secure; however, they are much slower than symmetric algorithms. To reap the benefits of both, SSL wraps a symmetric key that is randomly chosen for each connection inside a message encrypted with the asymmetric algorithm. Once both the client and the server possess the symmetric key, it is used in place of the asymmetric keys.
When server authentication is requested, SSL uses the following process:
- To request a secure page, the client uses HTTPS.
- The server sends the client its public key and certificate.
- The client checks that the certificate was issued by a trusted party (usually a trusted Certificate Authority), that the certificate is still valid, and that the certificate is related to the contacted site.
- The client uses the public key to encrypt a random symmetric encryption key and sends it to the server, along with the requested URL and other HTTP data, which are encrypted with that symmetric key.
- The server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
- The server sends back the requested HTML document and HTTP data, encrypted with the symmetric key.
- The client decrypts the HTTP data and HTML document using the symmetric key and displays the information.