Your Web server’s Secure Sockets Layer (SSL) security feature uses a technique known as public key encryption to shield the session key from interception during transmission.
You can configure your web server’s SSL security features to guarantee your content’s integrity, verify users’ identities, and encrypt network transmissions.
Your Web server requires a valid server certificate to establish SSL secure communications. Use the Key Manager utility to generate a certificate request file. If you aren’t using Microsoft Certificate Server 1.0 to issue your server certificates, a third-party CA must approve your application and issue your server certificate. You can either forward your request file to the authority or use Key Manager to deliver the request to an online source. After you receive a server certificate file, use Key Manager to install it on your computer.
Data Encryption Techniques
Cryptography
Cryptography provides a set of techniques for encrypting data and messages to be stored and transmitted securely. Cryptography can achieve secure communications even when the transmission medium—like the Internet—is untrustworthy. Cryptography can also encrypt sensitive files so an intruder cannot understand them.
Encryption
- When a message is encrypted, an encryption key is used.
- To decrypt the message, the corresponding decryption key must be used.
- It is imperative to properly restrict access to the decryption key because anyone possessing it can decrypt all messages encrypted with the matching encryption key.
Public-Key Algorithms
Public-key algorithms use two different keys: a public key and a private key. The private key is kept confidential to the owner of the key pair—the public key is distributed to anyone who requests it, often through a digital certificate. If one key is used to encrypt a message, the other key is required to decrypt the message.
Digital Signatures and Digital Envelopes
Digital signatures and digital envelopes are produced using two different but related processes. Creating a digital signature involves using the sender’s private key, whereas creating a digital envelope uses the intended recipient’s public key.
Digital Signatures
Digital signatures are used to confirm authorship, not to encrypt a message. The sender uses their private key to generate a digital signature string that is bundled with the message. Upon receipt of the message, the recipient uses the sender’s public key to validate the signature. Because only the signer’s public key can validate the signature, the digital signature proves that the message sender’s identity is authentic.
Digital Envelopes
Digital envelopes are used to send private messages that can only be understood by a specific recipient. The sender encrypts the message using the recipient’s public key to create a digital envelope. The message can only be decrypted using the recipient’s private key, so only the recipient can understand the message.
Digital Certificates
Authenticity of Public Keys
- The use of digital signatures and envelopes assumes that the identity of the owner of the public key used to encrypt or decrypt a message is established beyond doubt.
- To guarantee the authenticity of public keys, Microsoft Certificate Server provides digital certificates as a secure method of exchanging public keys over a nonsecure network.
Certificate Authorities
A digital certificate is a set of data that completely identifies an entity and is issued by a Certificate Authority (CA) only after that authority has verified the entity’s identity. The data set includes the public cryptographic key tendered to the entity.
When the sender of a message signs the message with its private key, the recipient can use the sender’s public key (retrieved from the certificate either sent with the message or available elsewhere in the directory service) to verify that the sender is legitimate.
Certificate Revocation Lists
Like most real-world forms of identification, certificates can expire and no longer be valid. The CA can also revoke them for other reasons. To handle invalid certificates, the CA maintains a Certificate Revocation List (CRL). The CRL is available to network users to determine the validity of any given certificate.
Private Communication on the Internet Using Encryption
Private communication on the Internet depends on the ability to prevent anyone except the intended recipient from reading a message—even though anyone on the network might be able to intercept it.
The need for privacy and authentication over nonsecure networks requires some form of data encryption and decryption, otherwise known as cryptography, as part of a software security system. Cryptographic protocols employing certificates are designed to address these needs.
Encryption scrambles information by applying a mathematical function, making it difficult for anyone other than the intended recipient to recover the original data. Central to this process is a mathematical value, called a key, which is used to scramble the information in a unique and complex way.
Your Web server uses the same encryption process to secure communication links with users. After establishing a secure connection, a unique session key is used by both your web server and the user’s web browser to encrypt and decrypt information. For example, when an authenticated user attempts to download a file from a Web site requiring a secure channel, your Web server uses a session key to encrypt the file and related HTTP headers. After receiving the encrypted file, the Web browser then uses a copy of the same session key to recover the file.
This method of encryption, although secure, has an inherent drawback. While establishing a secure link, a copy of the session key might be transmitted across an unsecured network. Therefore, a computer vandal intent on compromising the link only needs to intercept and steal the session key. To safeguard against this possibility, your Web server implements an additional encryption method.
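The session-key protection described here, combined with the digital signature and digital envelope mechanisms explained in the Data Encryption Techniques section, as an added Go example that is not part of the original page or of any Microsoft product: a one-time session key encrypts the message, the recipient’s public key wraps that session key (the digital envelope), and the sender’s private key signs the result (the digital signature). The names Envelope, Seal and Open are assumed for this illustration; RSA-OAEP, RSA-PSS and AES-GCM are algorithm choices made here, not specified by the page.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is a constructed illustration (not the page's or any product's code):
// the message under a one-time AES-GCM session key, that key wrapped with the
// recipient's RSA public key, and the sender's signature over both.
type Envelope struct{ WrappedKey, Nonce, Ciphertext, Signature []byte }

// Seal wraps the session key for the recipient and signs the result as the sender.
func Seal(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	keyAndNonce := make([]byte, 32+12) // AES-256 session key followed by a GCM nonce
	if _, err := rand.Read(keyAndNonce); err != nil {
		return nil, err
	}
	sessionKey, nonce := keyAndNonce[:32], keyAndNonce[32:]
	block, _ := aes.NewCipher(sessionKey) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	// Only the recipient's private key can unwrap the session key from here on.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	e := &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	sum := sha256.Sum256(append(append([]byte{}, wrapped...), e.Ciphertext...)) // sign key+ciphertext
	e.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, sum[:], nil)
	return e, err
}

// Open checks authorship with the sender's public key before unwrapping the
// session key with the recipient's private key; any tampering fails the check.
func Open(e *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sum := sha256.Sum256(append(append([]byte{}, e.WrappedKey...), e.Ciphertext...))
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, sum[:], e.Signature, nil); err != nil {
		return nil, err // rsa.ErrVerification: not signed by the claimed sender
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(sessionKey)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}
```

A caller generates the two key pairs with rsa.GenerateKey, passes the recipient’s public key to Seal and the sender’s public key to Open; an intercepted envelope yields neither the session key nor the message without the recipient’s private key.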
