What is SSL and How Does It Work?
I’m sure we could all agree that the Internet easily joins fire, agriculture, the printing press, the steam engine, and penicillin as one of the turning points of our species. Any initial predictions that could’ve been made back when it graduated from being a military and academic experiment in the early nineties would likely be seen as a severe understatement today.
As with every new piece of technology, however, there were kinks that needed to be ironed out. One of the challenges that became evident from the Internet’s early days was security. HTTP (HyperText Transfer Protocol) was one of the leading efforts to make the Internet work as we know it now, but it was (and still is) very simple to mess with.
Websites, e-mail clients, private servers, all these were easy targets for hackers or otherwise antagonistic third parties. And even companies that took great effort to secure their websites would sometimes have to either start from scratch or use third-party services, which were, in turn, also compromisable.
As hackers’ collective knowledge, skill, and tools grew, newer revisions and iterations of different fields of applied science would also need to be adapted for the Internet to work as intended.
This is where SSL (Secure Sockets Layer) comes in. It’s the “S” part of “HTTPS”, but it’s also much more than that.
Cryptographically speaking, SSL falls under the category of asymmetric encryption. How encryption traditionally works is that a message would be turned into a garbled, illegible mess that could only be understood by converting it back into its original state using a key, and it’s this exchange of keys and the way they’re applied to the message where SSL truly shines.
Long ago, spies would meet in shady locations to exchange envelopes, and during World War II Alan Turing would famously apply his pioneering skills to creating machines that would crack intercepted German ciphers. In both these instances, however, the problem was essentially the same - the codes used were interceptable.
This same problem that applied to spies and WWII communications officers also applied to the early days of the Internet.
In order to understand an encrypted message, a so-called public key would also have to be exchanged, meaning that, yes, that key would also be easily interceptable.
And if you wanted to exchange encrypted data over a secure network, establishing that secure network would also require the exchange of public keys.
The way by which SSL’s asymmetric encryption solves this problem is by creating two different keys. Information is encrypted using key A and decrypted using key B and vice versa. After generating a pair of these (known as a key pair), a user would pick one and designate it as their public key, which they can freely share with whoever they wish (in case this sounds familiar, this is the principle by which cryptocurrency works as well). The second key, however, would be kept absolutely secret.
By using the two public keys, two different parties (users, websites, services, etc.) can establish an encrypted connection, where data can now be exchanged freely and securely. Essentially, this means that should this exchange be intercepted, one would only have two different halves that wouldn’t allow them to get access to the information being shared.
Using this method to validate the communication between servers and users is how the modern Internet keeps your communication secure. Public keys can also be additionally validated by a third party, which is known as a “certificate”. This is the way in which SSL works.
And the best part? You don’t even have to meet some guy in a trench coat in a children’s park at 2 AM and exchange envelopes to feel safe anymore.
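The key-pair and certificate ideas described above, as an added example that is not part of the original article: textbook RSA using only Python's standard library. The function names, the `example.test` name and the small well-known primes are assumptions chosen for illustration; real SSL/TLS uses much larger keys, padding and vetted libraries.

```python
# Added illustration: textbook RSA built on well-known Mersenne primes.
# NOT secure (tiny keys, no padding); real SSL/TLS relies on vetted libraries.
import hashlib

def make_key_pair(p, q, e=65537):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # e * d == 1 (mod phi)

def apply_key(key, value):
    """Transform a number with one key; only the other key of the pair undoes it."""
    exponent, modulus = key
    return pow(value, exponent, modulus)

def digest(data, modulus):
    """Hash bytes down to a number that fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def cert_body(subject, public_key):
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(ca_private, subject, public_key):
    """The third party signs (name, public key) with its own private key."""
    sig = apply_key(ca_private, digest(cert_body(subject, public_key), ca_private[1]))
    return {"subject": subject, "public_key": public_key, "signature": sig}

def verify_certificate(ca_public, cert):
    """Anyone holding the third party's public key can check the signature."""
    expected = digest(cert_body(cert["subject"], cert["public_key"]), ca_public[1])
    return apply_key(ca_public, cert["signature"]) == expected

# Constructed key pairs for a website and a certificate authority.
site_public, site_private = make_key_pair(2**31 - 1, 2**61 - 1)
ca_public, ca_private = make_key_pair(2**89 - 1, 2**107 - 1)

def demo():
    message = int.from_bytes(b"hi SSL", "big")        # message as a number < modulus
    ciphertext = apply_key(site_public, message)      # encrypt with key A...
    recovered = apply_key(site_private, ciphertext)   # ...decrypt with key B
    signed = apply_key(site_private, message)         # and vice versa
    checked = apply_key(site_public, signed)
    cert = issue_certificate(ca_private, "example.test", site_public)
    swapped = dict(cert, public_key=ca_public)        # a different key is substituted
    return {"ciphertext_differs": ciphertext != message,
            "recovered": recovered == message, "checked": checked == message,
            "cert_valid": verify_certificate(ca_public, cert),
            "swapped_valid": verify_certificate(ca_public, swapped)}

if __name__ == "__main__":
    print(demo())
```

The last check shows why the third-party signature matters: a certificate whose public key has been replaced no longer verifies against the authority's public key.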