Chapter 10. Secure Sockets

AT&T has provided the United States National Security Agency with full access to all of its customers’ Internet traffic by copying packets to data-mining equipment installed in secret rooms in its switching centers.[1] Britain’s GCHQ taps into the fiber-optic cables that carry most of the world’s phone calls and Internet traffic.[2] In Sweden, the National Defence Radio Establishment requires fiber-optic cable owners to install fiber mirroring equipment on their premises. And this is just a small sampling of government sponsored eavesdropping we know about.

As an Internet user, you do have defenses against snooping bureaucrats. To make Internet connections more fundamentally secure, sockets can be encrypted. This allows transactions to be confidential, authenticated, and accurate.

However, encryption is a complex subject. Performing it properly requires a detailed understanding not only of the mathematical algorithms used to encrypt data, but also of the protocols used to exchange keys and encrypted data. Even a small mistake can open a large hole in your armor and reveal your communications to an eavesdropper. Consequently, writing encryption software is a task best left to experts. Fortunately, nonexperts with only a layperson’s understanding of the underlying protocols and algorithms can secure their communications with software designed by experts. Every time you order something from an online store, chances are the transaction is encrypted and authenticated ...

Get Java Network Programming, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.