Bag Of Cows


SSL & Digital Signatures

The solution to this problem of communicating securely with strangers, which has basically made E-Commerce viable, was developed in the 1970s (Google 'RSA Encryption') and is based around a clever mathematical function that is mostly one-way, but not always.

If you imagine the modulus (remainder) function, that is a one-way function. If you know that the remainder of number A divided by number B is 3, there is no way to work out from that alone what the original numbers were. The RSA function uses a pair of keys based on multiplying together very large prime numbers, such that if you encrypt a message using one key, you can only decrypt it using the other one.

You get two keys based on your secret prime numbers. One of them, your public key, you can give out to anyone in the world. The other one, your private key, you keep very secret. Everybody else also does this.

If Alice wants to send a message to Bob, she encrypts it with Bob's public key, which anyone can know. It then doesn't matter if Carol sees it, because only Bob's private key can decode it back to the plaintext message, and only Bob has the private key.

But Carol might be trying to trick them by sending the message and making it look like it comes from Alice.

So what Alice can do is encrypt the message first with her private key, then re-encrypt the whole thing again with Bob's public key - a bit like one of those dolls within a doll. When Bob gets the message, he decrypts it with his private key. This leaves him with something he can't read, but he can then decrypt it using Alice's public key, which reveals the message and also absolutely proves that it must have come from Alice in the first place.
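The doll-within-a-doll flow above, worked through in code. This is an added example, not code from the original page: it uses textbook RSA with tiny, constructed primes (Alice's 61 and 53 are the well-known worked example; Bob's 89 and 97 are chosen so his modulus is larger than Alice's, which the nested layer needs), and it treats a message as a single ASCII code so Bob has something to check the unwrapped result against. Real-world signatures sign a hash with padding rather than the raw message, so treat this as an illustration of the idea, not of a deployable scheme.

```python
"""Toy textbook RSA showing sign-then-encrypt (the nested 'doll within a doll').

Constructed example for illustration: tiny primes, no padding, raw message
exponentiation. Real RSA uses 2048-bit-plus moduli, OAEP/PSS padding and
signs a hash of the message rather than the message itself.
"""
from math import gcd


def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) for primes p and q.

    n = p*q is public; d is the inverse of e modulo (p-1)(q-1) and is the
    secret half. Either key undoes what the other key did.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with (p-1)(q-1)"
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(value, key):
    """The RSA core: value^k mod n. The same operation serves both keys."""
    k, n = key
    # A value at least as large as the modulus cannot survive the round trip,
    # which is why the outer (Bob's) modulus must exceed the inner (Alice's).
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, k, n)


# Constructed key material. Alice: n = 3233, Bob: n = 8633 (> 3233).
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(61, 53)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(89, 97)


def sign_then_encrypt(message, sender_private, recipient_public):
    """Alice's side: inner layer with her private key, outer with Bob's public key."""
    inner = apply_key(message, sender_private)
    return apply_key(inner, recipient_public)


def decrypt_then_verify(ciphertext, recipient_private, sender_public):
    """Bob's side: peel the outer layer with his private key, then the inner
    layer with Alice's public key. Only a value that Alice's private key
    produced comes out as a sensible message."""
    inner = apply_key(ciphertext, recipient_private)
    return apply_key(inner, sender_public)


def unsigned_forgery(message, recipient_public):
    """Carol's attempt: without Alice's private key she can only wrap the
    message in Bob's public key and claim it came from Alice."""
    return apply_key(message, recipient_public)


def is_plausible_message(value):
    """Constructed convention for this toy: messages are single ASCII codes."""
    return 0 <= value < 128


if __name__ == "__main__":
    letter = ord("A")  # 65
    wrapped = sign_then_encrypt(letter, ALICE_PRIVATE, BOB_PUBLIC)
    print("Bob recovers:", chr(decrypt_then_verify(wrapped, BOB_PRIVATE, ALICE_PUBLIC)))

    forged = unsigned_forgery(letter, BOB_PUBLIC)
    garbage = decrypt_then_verify(forged, BOB_PRIVATE, ALICE_PUBLIC)
    print("Forgery unwraps to", garbage, "- plausible?", is_plausible_message(garbage))
```

The forgery case is the security-relevant half: Bob applies exactly the same two steps, and because Carol never applied Alice's private key, the inner layer is not there to undo, so the result is a meaningless number rather than the letter. Note also the ordering constraint enforced by the assertion in `apply_key`: with textbook RSA the intermediate signed value has to fit under the recipient's modulus, a detail real protocols sidestep by signing a fixed-size hash.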

This is called a Digital Signature - not to be confused with the ridiculous practice of signing a piece of paper, scanning it, and then adding it as a graphic to the bottom of emails as if this somehow proves who it came from....

The process of using this encryption for web pages is called SSL (Secure Sockets Layer) and is what you get when you put https:// in the browser address field.
