Digital signatures are a
variant of the public key encryption technique which are used not to encrypt
data, but to ensure that data has not been changed since it was initially
created. This is to prevent, for example, an email message being intercepted and
changed before being forwarded to its intended destination.
A digital signature is composed of a numerical
value (hash) generated from two parts: A private key
(generally obtained from a third party certification
authority as detailed above) and the unique
contents of the data itself. This digital signature is then transferred along
with the data. When the intended recipient receives the data, a
new numerical hash is made from its contents and
compared with the one that was included
in the digital signature to verify that
it has not been changed.
sender's freely available public key is then used to verify that the signature
was created with the corresponding private key. Combined with encryption,
digital signatures provide excellent security for file transfers such as email.
The PGP Corporation
offers a freeware email client for
encrypting and digitally signing email. How SSL works (a bundle of keys)
When two computers
wish to establish an encrypted connection (let's say in this case a customer
logging in to a secure area of a website), the client connects to
the server on port 443 (SSL well-known port) and receives the digital
certificate, containing the server's public key. The client's browser then checks
the digital certificate against the list of valid certificates provided by the
original issuer (i.e. a certification authority such as Verisign).
If it cannot find a record of the certificate, it
warns the client that the certificate was not provided by a recognized
certification authority and asks if they wish to accept it. Assuming the
certificate was validated, or the client accepted it regardless, the client's
browser then generates a symmetrical 'secret key' that it encrypts with the
server's public key obtained from the digital certificate.
The server receives the 'secret key' and decrypts it with
its private key. It then generates a second symmetrical key and transmits this to
the client. The pair of symmetrical keys will then be used
to encrypt and decrypt all remaining data passed between the computers for this
session only (a session is one continuous connection).
Essentially SSL wraps the speed of symmetrical key
encryption up in the enhanced security and easier setup of public key
encryption. Encryption strength
As stated previously, the encryption methods we are discussing
use a numerical key value to encrypt and decrypt the data.
The 'strength' of this key can be explained as the number of
bits (a bit being a binary number, either 1 or 0) used to create
The more bits, the longer it would take an
interested party to decipher the key by the brute force method of guessing every
possible combination. Two strengths of SSL encryption are generally available
for purchase from certification authorities such as Verisign. 40-bit and
128-bit. 128-bit is considered the standard for secure communication, as it
would take a vast amount of time for even modern super-computers to test every
possible number combination in a 128-bit binary. In fact, one of the applications driving the research into quantum
computing is the need for a faster way to break 128-bit encryption for defence