SSL is an abbreviation of Secure Sockets Layer, a secure network communication protocol that combines public-key technology and private-key (symmetric-key) technology. The SSL protocol is a security protocol for WEB applications launched by Netscape Communications Corporation. It specifies a layered mechanism that provides data security between an application protocol, such as HTTP, Telnet, NNTP or FTP, and the TCP/IP protocol. The SSL protocol provides data encryption, server authentication, message integrity and optional client computer authentication for a TCP/IP connection. Its main purpose is to improve the security of the data exchanged between applications: the transferred data is encrypted and thereby hidden, and it is protected against being altered while in transit, i.e. the integrity of the data is secured.
SSL, which combines symmetric cryptography and public-key cryptography, can achieve the following three connection objectives:
(1) Confidentiality: the data transferred between an SSL client computer and a server is encrypted, so that what an illegitimate interceptor obtains from the network is meaningless cipher text.
(2) Integrity: SSL uses a cipher algorithm and a hash function to extract a characteristic value (digest) of the transferred information in order to secure its integrity, and ensures that all of the transferred information reaches its destination intact, which prevents the data transferred between the server and the client computer from being tampered with.
(3) Authenticity: a client computer and a server can identify each other by using certificate technology and a trusted third-party authentication. In order to verify that a certificate holder is a legitimate user (not an impostor), SSL requires that the certificate holders exchange digital certificates with each other during the handshake, so that the identity of both parties is secured by authentication.
The Public-Key Cryptography Standards (PKCS), developed by RSA Data Security, Inc. in cooperation with its partners, are a set of standards for public-key cryptography. PKCS includes a series of related protocols covering certificate application, certificate update, Certificate Revocation Lists, extended certificates, digital signatures, digital envelope formats, etc. PKCS#11, also called Cryptoki, defines a technology-independent set of programming interfaces and is used for encryption devices such as smart cards and PCMCIA cards.
The OpenSSL project is an open-source security project. Its objective is to implement security at the socket layer (Secure Sockets Layer, SSLv2/v3) and the transport layer (Transport Layer Security, TLS v1). The OpenSSL project integrates encryption algorithms, digital signature algorithms and certificate signature algorithms, which secure the integrity, confidentiality and authenticity of the data.
The purpose of the Engine mechanism is to let OpenSSL use a software encryption library or a hardware encryption library provided by a third party to perform cryptographic operations transparently. The Engine mechanism of OpenSSL achieves this goal, making OpenSSL not only an encryption library but also a general encryption interface that can work together with most encryption libraries or encryption devices.