Layman's guide: Why your keys are secure when you communicate through Steemit or Steemconnect

There have been several discussions about the security of your keys when you use them on Steemit.com, or in third-party apps like utopian.io or busy.org, which connect to the Steem blockchain through the Steemconnect API. In this tutorial, I am going to demystify the technology involved and explain why communication through these sites is secure and your keys are always protected.

If you look at the address bar, you will see that Steemit.com starts with https, which means all communication goes through SSL (Secure Sockets Layer). SSL is a technology that establishes a secure channel between your web browser and the website you are communicating with, so that everything transmitted to and from the site is encrypted and therefore secure. When you navigate to these sites, an SSL handshake takes place between your browser and the server; the server presents its SSL certificate, and the browser makes it visible to you. You will notice a green icon in your browser, and if you click on the icon, you can see the SSL certificate details.


Clicking on More information will show you the certificate details.

And you can view the certificate as well by clicking on the View certificate button.


An SSL certificate is issued to a site by a CA (Certificate Authority) after the organization passes validation procedures and checks that confirm the existence of the business, the ownership of the domain, and the business's authority to apply for the certificate. In the case of steemit.com, you can see that it is verified by Amazon, which is the CA in this case.

If you take v2.steemconnect.com, it is verified by Cloudflare, Inc., another CA. Just as a physical identity document such as a passport is only issued by the relevant government office, an SSL certificate is most reliable when issued by a known Certificate Authority (CA). CAs follow very strict rules and policies before issuing an SSL certificate, which implies a higher degree of trust.
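The certificate details the browser dialog shows can also be read and checked in code. The following is an added example, not part of the original post: `SAMPLE_CERT` is a constructed certificate (all values made up), and the function names `fetch_cert`, `name_matches` and `summarize` are illustrative choices.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# every value is made up for illustration, not taken from a real site.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.org"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),),
               (("commonName", "Example CA Server 1"),)),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Jan  1 00:00:00 2019 GMT",
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.example.org")),
}

def fetch_cert(host, port=443):
    """Handshake with full verification: the default context checks the CA
    chain and the hostname, raising ssl.SSLCertVerificationError on failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _field(rdns, key):
    """Pull one attribute (e.g. organizationName) out of a subject/issuer tuple."""
    return next((v for rdn in rdns for k, v in rdn if k == key), None)

def _utc(cert_time):
    """Convert a certificate timestamp string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def summarize(cert, host, now=None):
    """Return the fields the browser's certificate dialog shows, plus checks."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    return {
        "issued_to": _field(cert["subject"], "commonName"),
        "issued_by": _field(cert["issuer"], "organizationName"),
        "in_validity_period": not_before <= now <= not_after,
        "days_left": (not_after - now).days,
        "hostname_ok": any(name_matches(n, host) for n in names),
    }
```

Calling `summarize(fetch_cert(host), host)` applies the same summary to a live site; `fetch_cert` needs network access and only returns a certificate if verification succeeded.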


Now, coming to how SSL works: it relies on a pair of keys, one public and one private. The public key is used to encrypt the information and the private key is used to decrypt it. So the information you enter in your browser is encrypted using the public key in the certificate, and when it reaches the server, it is decrypted by the server using the private key. So only those who hold the private key can decrypt and read the information.

So the information you enter on these sites is completely secure during communication.

There are several different types of SSL certificates, and Extended Validation (EV) SSL certificates provide the highest industry standard for authentication and the best level of customer confidence available. An EV certificate turns the address bar of your browser green, so, as you can see in the case of these sites, we have the highest standard.

I hope this demystifies the concepts and leaves you clear and confident about the security of your keys when they are used on these sites.

Here are some common questions and answers that may also be useful:

  1. How does someone know that a site has a valid SSL certificate?

Ans: A normal website displays HTTP:// before the address in the browser (without SSL security). HTTP stands for Hypertext Transfer Protocol and is the normal way to communicate with a site. A secured website, however, displays HTTPS:// before the address (HTTPS stands for Secure HTTP).

  2. Why do I need secure communication with a site?

Ans: Would you send sensitive information such as banking details to someone in a letter that everyone can read, so that anyone could steal your money? Definitely not. Secure communication (with SSL) makes sure your sensitive information is protected and not stolen and misused.



Posted on Utopian.io - Rewarding Open Source Contributors
