Beginners Guides: Encryption and Online Privacy
This article aims to cover the basics of online security, including a description of the methods online stores use to protect themselves and their customers.
Filed under: Beginners Guides. Published: Sep 23 2003. Author: M. Dowler.
External Mfg. Website: PCSTATS

Digital Signatures

Digital signatures are a variant of the public key encryption technique, used not to encrypt data but to ensure that data has not been changed since it was initially created. This prevents, for example, an email message from being intercepted and changed before being forwarded to its intended destination.

A digital signature is composed of a numerical value (hash) generated from two parts: a private key (generally obtained from a third party certification authority as detailed above) and the unique contents of the data itself. This digital signature is then transferred along with the data. When the intended recipient receives the data, a new numerical hash is made from its contents and compared with the one that was included in the digital signature to verify that it has not been changed.

The sender's freely available public key is then used to verify that the signature was created with the corresponding private key. Combined with encryption, digital signatures provide excellent security for file transfers such as email. The PGP Corporation offers a freeware email client for encrypting and digitally signing email.
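
The sign-then-verify flow described above, as an added example that is not part of the original guide. It uses textbook RSA over a SHA-256 hash with a deliberately small key built from two known primes; the key, the function names and the sample messages are constructed for illustration, and real signatures add a padding scheme and much larger keys.

```python
import hashlib

# Toy RSA key pair, constructed for this example from two Mersenne primes.
# Real keys are 2048 bits or more and real signatures use a padding scheme.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private key exponent, never shared

def content_hash(data: bytes) -> int:
    """Hash of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Sender: combine the private key with the hash of the contents."""
    return pow(content_hash(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Recipient: recover the signed hash with the public key and compare
    it with a fresh hash of the data that actually arrived."""
    return pow(signature, E, N) == content_hash(data)

def demo() -> dict:
    original = b"Pay Alice 10 dollars"        # constructed sample message
    tampered = b"Pay Mallory 9000 dollars"    # same signature, altered body
    sig = sign(original)
    return {
        "original": verify(original, sig),
        "tampered": verify(tampered, sig),
        "altered_signature": verify(original, (sig + 1) % N),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified message with its unmodified signature verifies; changing either one makes the recomputed hash and the recovered hash disagree.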

How SSL works (a bundle of keys)

When two computers wish to establish an encrypted connection (let's say in this case a customer logging in to a secure area of a website), the client connects to the server on port 443 (the well-known SSL port) and receives the digital certificate, which contains the server's public key. The client's browser then checks the digital certificate against the list of valid certificates provided by the original issuer (i.e. a certification authority such as Verisign).

If it cannot find a record of the certificate, it warns the client that the certificate was not provided by a recognized certification authority and asks if they wish to accept it. Assuming the certificate was validated, or the client accepted it regardless, the client's browser then generates a symmetrical 'secret key' that it encrypts with the server's public key obtained from the digital certificate.

The server receives the 'secret key' and decrypts it with its private key. It then generates a second symmetrical key and transmits this to the client. The pair of symmetrical keys will then be used to encrypt and decrypt all remaining data passed between the computers for this session only (a session is one continuous connection).

Essentially SSL wraps the speed of symmetrical key encryption up in the enhanced security and easier setup of public key encryption.
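
The key exchange described in this section, simulated in one process as an added example (not code from the original guide). The toy RSA key, the XOR keystream cipher, the issuer-name lookup standing in for certificate validation, and the choice to send the second key protected by the first are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key pair for the server (constructed; real keys are far larger).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the server

TRUSTED_ISSUERS = {"Example Root CA"}  # hypothetical browser trust list
CERT = {"issuer": "Example Root CA", "public_key": (N, E)}  # constructed

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (illustration only)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake(cert: dict, accept_anyway: bool = False):
    # 1. Client checks the certificate; a name lookup stands in for
    #    verifying the issuer's signature on the certificate.
    if cert["issuer"] not in TRUSTED_ISSUERS and not accept_anyway:
        return None                    # browser warning shown, user declined
    # 2. Client makes a secret key and encrypts it with the server's public key.
    client_key = secrets.token_bytes(16)
    n, e = cert["public_key"]
    wrapped = pow(int.from_bytes(client_key, "big"), e, n)
    # 3. Server recovers the secret key with its private key.
    server_view = pow(wrapped, D, N).to_bytes(16, "big")
    # 4. Server makes the second key and sends it protected by the first
    #    (assumption: the page does not say how it is transmitted).
    server_key = secrets.token_bytes(16)
    sent = xor_stream(server_view, server_key)
    client_view = xor_stream(client_key, sent)
    # Each side now holds the same pair of session keys.
    return {"client": (client_key, client_view),
            "server": (server_view, server_key)}

if __name__ == "__main__":
    keys = handshake(CERT)
    print("keys match:", keys["client"] == keys["server"])
```

Only the holder of the private exponent can recover the first key, which is why the client's decision to accept an unvalidated certificate matters: the secret is encrypted to whichever public key that certificate carries.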

Encryption strength

As stated previously, the encryption methods we are discussing use a numerical key value to encrypt and decrypt the data. The 'strength' of this key can be explained as the number of bits (a bit being a binary number, either 1 or 0) used to create this key.

The more bits, the longer it would take an interested party to decipher the key by the brute force method of guessing every possible combination. Two strengths of SSL encryption are generally available for purchase from certification authorities such as Verisign: 40-bit and 128-bit. 128-bit is considered the standard for secure communication, as it would take a vast amount of time for even modern super-computers to test every possible number combination in a 128-bit binary number. In fact, one of the applications driving the research into quantum computing is the need for a faster way to break 128-bit encryption for defence applications.
