SSL Encryption
What is SSL?
SSL (Secure Sockets Layer) is a protocol for encrypting and decrypting data sent across direct Internet connections. When a client makes an SSL connection with a server, all data sent to and from that server is encrypted, keeping your data confidential.
The process by which information is transferred using SSL encryption is straightforward:
Step 1. The client makes the initial connection with the server and requests that an SSL connection be made.
Step 2. If the server is properly configured, it sends the client its certificate and public key.
Step 3. The client uses that public key to encrypt a session key and sends the session key to the server. If the server asks for the client's certificate in Step 2, the client must send it at this point.
Step 4. If the server is set up to receive certificates, it compares the certificate it received with those listed in its trusted authorities database and either accepts or rejects the connection.
If the connection is rejected, a failure message is sent to the client. If the connection is accepted, or if the server is not set up to receive certificates, the server decrypts the session key from the client with its own private key and sends a success message back to the client, thereby opening a secure data channel.
Glossary of Terms
Client: Any FTP program that is able to make an SSL connection.
Certificate: The certificate file holds the identification information of the client or server. This file is used during the connection negotiation to identify the parties involved. In some cases, the client's certificate must be 'signed' by the server's certificate in order to open an SSL connection. Certificate files have the .crt extension.
Session Key: The session key is what both the client and server use to encrypt data. It is created by the client.
Public Key: The public key is the key with which the client encrypts the session key. It does not exist as a separate file, but is a byproduct of creating a certificate and private key. Data encrypted with a public key can only be decrypted by the private key it was created with.
Private Key: The private key decrypts the client's session key that was encrypted with the public key. The private key file has the .key extension. Private keys should NEVER be distributed to anyone.
Certificate Signing Request: A certificate signing request is generated each time a certificate is created. This file is used when you need to have a certificate 'signed'. Once the certificate signing request file is signed, a new certificate is made and can be used to replace the unsigned certificate.