Encrypting Private Data with SSL

The Secure Sockets Layer (SSL) protocol provides communications privacy over a network by combining public key cryptography, which authenticates the server and protects a per-connection session key, with bulk data encryption, which protects the data itself under that session key. Clients and servers that use SSL can communicate in a way that prevents eavesdropping, tampering, and message forgery.

Simplified Overview of SSL

Cryptography is a complex topic based on mathematics. To fully explain public key cryptography is outside the scope of this book. However, the following simplified explanation allows some basic understanding of SSL and public key cryptography. For more information about cryptography, consult the Internet or your local library.

Cryptographic keys are created at the same time in pairs: a public key and a private key. The public key can be given to anyone, and a certificate authority vouches that it belongs to you by signing it into a certificate. The private key is kept and safeguarded by you and must never leave your server. Data encrypted with one key of the pair can be decrypted only with the other, so both keys take part in every exchange: the sender encrypts with the recipient's public key, and the recipient decrypts with its private key.

Internet Explorer uses your server's public key to protect the session key for the connection, and then encrypts the data, such as a Hypertext Markup Language (HTML) form containing private information, under that session key. The encrypted data is sent to the server, which recovers the session key with its private key and decrypts the data. Because only the server holds the private key, only the server can read what the browser sent.
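The exchange described above, as an added example that is not part of the original documentation and not Internet Explorer, IIS, or Key Manager code: the client wraps a fresh session key under the server's public key and encrypts the form body with that session key; the server unwraps the session key with its private key, checks the integrity tag, and decrypts. The code uses only the Python standard library. The RSA is textbook RSA on a 512-bit key with no padding, and the bulk cipher is a SHA-256 keystream with an HMAC tag; both are chosen so the mechanism is visible, not as a substitute for SSL. The form body and the function names (generate_key_pair, submit_form, receive_form, demo) are constructed for this example.

```python
# Added illustration of public-key wrapping of a session key plus bulk encryption.
# Standard library only; not IIS, Key Manager, or Internet Explorer code.
import hashlib
import hmac
import secrets

SESSION_KEY_LEN = 32  # 256-bit session key for the bulk cipher


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test with random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit and odd
        if _is_probable_prime(candidate):
            return candidate


def generate_key_pair(bits=512):
    """Textbook RSA key pair: public (n, e), private (n, d).
    Small and unpadded so the arithmetic is visible; a real server uses a
    2048-bit or larger key with proper padding (this is an illustration)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def _derive_keys(session_key):
    # Separate keys for confidentiality and for integrity.
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())


def _keystream(key, nonce, length):
    # Counter-mode keystream built from SHA-256, standing in for the bulk cipher.
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def submit_form(public_key, form_data):
    """Browser side: wrap a fresh session key under the server's public key,
    then encrypt and authenticate the form data with that session key."""
    n, e = public_key
    session_key = secrets.token_bytes(SESSION_KEY_LEN)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # only d can undo this
    enc_key, mac_key = _derive_keys(session_key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(form_data))
    ciphertext = bytes(a ^ b for a, b in zip(form_data, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return wrapped, nonce + ciphertext + tag


def receive_form(private_key, wrapped, blob):
    """Server side: recover the session key with the private key, reject a
    tampered or forged message before decrypting anything, then decrypt."""
    n, d = private_key
    value = pow(wrapped, d, n)
    if value >= 1 << (8 * SESSION_KEY_LEN):
        raise ValueError("wrapped key does not decrypt under this private key")
    session_key = value.to_bytes(SESSION_KEY_LEN, "big")
    enc_key, mac_key = _derive_keys(session_key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message tampered with or forged")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def demo():
    """Round trip of a constructed form body; returns True on success."""
    public_key, private_key = generate_key_pair()
    form = b"cardnumber=4111111111111111&expires=12/99&name=A+Customer"  # constructed sample
    wrapped, blob = submit_form(public_key, form)
    return receive_form(private_key, wrapped, blob) == form


if __name__ == "__main__":
    print("round trip ok:", demo())
```

The split between the two key types is the point: the expensive public-key operation is done once per session on a 32-byte key, and the form data, however large, goes through the fast symmetric cipher. The tag check before decryption is what turns "eavesdropping" protection into "tampering or message forgery" protection as well.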

Key Manager is used to generate the key pair and to activate the generated key. A key pair is not active until you send the certificate request file generated by Key Manager to your certificate authority and install the certificate the authority returns.

For more information about using Key Manager, see the Internet Information Server Installation and Administration Guide.

Using SSL

Secure Sockets Layer is most effectively used by encrypting only communication that contains private data, such as credit card numbers, addresses, or company records. Because the SSL handshake and the encryption of every response are performed by the server's processor, requests for pages in SSL-enabled directories take noticeably longer to serve than requests for unencrypted pages.

In your SSL-enabled directory, place only the pages that contain sensitive information and the pages that receive it; a form that collects private data and the page its data is posted to must both be in the SSL-enabled directory, or the submission travels unencrypted. Also, keep the content of pages in an SSL-enabled directory free from unnecessary elements, because every item on the page is encrypted, including simple graphics, and every element increases the time it takes to transmit the data.