| |||||
| |||||
The Secure Sockets Layer (SSL) protocol provides encrypted and authenticated communication between the client and the server, based on public-key cryptography. To send an encrypted message, the sender encrypts the message with the recipient's public key, and the recipient decrypts the message with the recipient's private key. Only the recipient has the private key that can decrypt the message.
To help guarantee authenticity, a certificate accompanies the public key. A certificate is a digital signature on a digest of the friendly (human readable) name of the participant, together with the participant's public key. The certificate is encrypted with the private key of the certifying authority. To check the authenticity of the public key of the participant, anyone can compute the digest of the friendly name and public key for that participant and can decrypt the certificate for that public key by using the public key of the certifying authority and check that the same digest results.