The internet community is buzzing about the “Heartbleed Bug” and “OpenSSL”. At the heart of the “Heartbleed Bug” is SSL, the Secure Sockets Layer. So what is SSL and what role does it play in our internet transactions?
The “Sockets” in “Secure Sockets Layer” refers to a protocol used by any “client” to communicate with a “server”. A “client” is any web browser, email client or other program initiating the transaction. The “server” is the program that fulfills the client's request.
When the internet started being used outside “geek” circles in the early nineties, software programs for banking, e-commerce and a multitude of other purposes started being built and used. However, software researchers needed to find a way to stop sensitive data from being transferred in plain view over the internet, so that it could not be stolen by unscrupulous parties. Due to this need to protect credit card numbers, banking accounts and passwords, the SSL protocol was built in the early nineties.
The SSL protocol provides for a secure handshake between the client and the server, using encryption to send the data over the wire. Before SSL ever came along, a company named RSA (now part of EMC) came up with a clever way of encrypting and decrypting messages between two parties using a “public key” and a “private key”.
SSL uses RSA public and private key encryption along with a digital certificate. We will continue this series of posts to explain what the private and public keys mean and how SSL works with these keys.