chuckmalani Posted April 22, 2003 Share Posted April 22, 2003 OK- i will admit before this, i had no clue what SSL means besides "secure socket layer". I knew its a means of encryption for transmitting data, and i think its what make the "s" on the end of "https" when i log into my bank or other secure area. I also notice that I can log into my webmail "securely", and it moves me to port 2096 and throws the s on the http for me. Ok, I'm asking this because I need a "Digital ID" to use as a "Digital Signiture" to securely sign my emails. According to Verisign, a Dig ID includes the Your public keyYour name and e-mail address Expiration date of the public key Name of the company (the Certification Authority (CA)) who issued your Digital ID Serial number of the Digital ID Digital signature of the CA It goes on to say that when you send a "Digitally Signed" email, it sends the public portion of your Digital ID and the message into a hash function which spits out a Message Digest. Then it takes your private key from the digital ID and ecrypts the digest. Then it sends the email with 2 things, the message text and the Digital ID and encrypted message digest as attachments... When someone gets the email, it uses my public ID to decrypt the digest. Then the recipient's email program will run the same hash function on the message text and come up with their digest. if the 2 digests are identical, that means that your email was unaltered. so... now i understand more about Digital ID's. What I still don't get is what SSL is, and how it relates to this. From whatis.com: The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate. Does that mean that if I click "Click for Secure Site" on the webmail page, that I am using webmail via SSL, so that would include a digital certificate? I'm thinking that by clicking the Secure site link, I'm enabling my own Digital ID (not exactly the same as VeriSign's, but similiar?) If so, how can i prove that I'm using it, in case we get audited? Thanks in advance, chuck Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.