• protecting private information with encryption
  
• authenticating sites and clients with X.509 certificates
  

Ciphers fall into two categories:

Symmetric algorithms are faster than public key algorithms, but public key algorithms are required to maintain privacy during the exchange of the faster symmetric keys. To preserve both efficiency and privacy, secure Web transactions begin with a public key exchange, followed by the exchange of a session key that follows a faster, symmetric algorithm.

1. The client submits a request for a secure file.
   
2. Stronghold Web Server returns its site certificate, which contains the site's public key.
   

   Stronghold may also ask for a client certificate for authentication purposes.

3. The client generates a session key.
   
4. The client encrypts the session key using the server's public key.
   
5. The client sends the encrypted session key to the server.
   
6. The server uses its private key to decrypt the session key.
   
7. The server encrypts its subsequent responses with the new session key.
   
8. The client encrypts its replies with the session key.
   

A session may last for one or many transactions, and a session key encrypts the entire session. Each time a new session begins, the client generates a new session key. In the unlikely event that a third party discovers the session key, he cannot use that key to decrypt subsequent sessions because a new one is generated for every session.

The security of the private key in any asymmetric key pair is crucial to the security of a site. To protect your private key, Stronghold stores it in encrypted form and requires a pass phrase on startup.

Authentication is the positive identification of network entities, including clients and sites. Site authentication has been standard on secure servers for some time, because users require assurance that the data they receive from a site is actually being transmitted by that site, rather than by an eavesdropper or "man in the middle." If an eavesdropper can impersonate your site, he can substitute other data in place of the data the user expects to receive. Recently, major browsers also began supporting client authentication. Stronghold Web Server supports both.

SSL authentication takes the form of X.509 certificates. Certificates are issued by Certification Authorities (CAs), which act as trusted third parties. Each certificate contains

• information about the certificate's format
  
• a unique serial number
  
• information about the algorithm used to sign the certificate
  
• the name of the CA that issued the certificate
  
• the validity period of the certificate
  
• identifying information about the "subject" or the entity to whom the certificate belongs
  
• the subject's public key
  
• the issuing CA's signature
  

The CA creates the signature by creating a hash of the body of the certificate, then encrypting it with its private key. Reputable CAs keep their private keys absolutely secret, ensuring that no one can impersonate the CA and issue unauthorized certificates. This prevents a man in the middle from intercepting a certificate, replacing its public key with his own, then spoofing a CA signature for the false certificate.

When one entity receives a certificate from another, it first creates a hash of the body of the certificate, then uses the CA's public key to decrypt the signature and reveal the original hash. If the two hash blocks are identical, authentication is successful. Successful authentication verifies that

• the certificate belongs to the entity that provided it
  
• the public key in the certificate belongs to the same entity
  
• the certificate and the public key have been validated by the CA whose name appears on the certificate
  
• no one has tampered with the certificate
  

Once an entity is authenticated, its public key can safely be used to encrypt subsequent network transactions.