There have been several discussions about the security of your keys when you use them on Steemit.com, or in third-party apps like utopian.io or busy.org, which connect to the Steem blockchain through the Steemconnect API. In this tutorial, I am going to demystify the technology involved and explain why communication through these sites is secure and your keys are always protected.
As you may have noticed, the Steemit.com address starts with https, which means all communication is done through SSL (Secure Sockets Layer). SSL is a technology that establishes a secure channel between your web browser and the website you are communicating with, so that everything transmitted to and from the site is encrypted and therefore secure. When you navigate to these sites, an SSL handshake happens between your browser and the server, and an SSL certificate is obtained from the server and made visible to you in the browser. You will notice a green icon in your browser as shown below, and if you click on the icon and navigate, you can see the SSL certificate details.
Clicking on More information will show you the certificate details.
You can also view the certificate itself by clicking on the View certificate button.
An SSL certificate is issued to a site by a CA (Certificate Authority) after the organization passes validation procedures and checks that confirm the existence of the business, the ownership of the domain, and the business's authority to apply for the certificate. In the case of steemit.com, you can see that it is verified by Amazon, which is the CA in this case.
If you take v2.steemconnect.com, it is verified by Cloudflare, Inc., another CA. Just as a physical identity document such as a passport is only issued by the relevant government office, an SSL certificate is most reliable when issued by a known Certificate Authority (CA). CAs follow very strict rules and policies before issuing an SSL certificate, which implies a higher degree of trust.
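The padlock check described above can also be done from a script. The following is an added example, not part of the original post: it uses Python's standard `ssl` module, and the `fetch_cert` and `summarize` helpers and the constructed `SAMPLE_CERT` are illustrative names and values.

```python
import socket
import ssl
import time

# Constructed sample in the dict format returned by SSLSocket.getpeercert();
# the names and dates are illustrative, not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust Services"),),
               (("commonName", "Example CA 1"),)),
    "notBefore": "Jan  1 00:00:00 2030 GMT",
    "notAfter": "Jan  1 00:00:00 2031 GMT",
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
}


def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with host and return its certificate as a dict.

    create_default_context() validates the chain against the system CA store
    and checks the hostname, so an untrusted or mismatched certificate raises
    ssl.SSLCertVerificationError instead of returning.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _field(rdns, key):
    """Return the first value for key in a subject/issuer tuple, or None."""
    return next((v for rdn in rdns for k, v in rdn if k == key), None)


def summarize(cert, now=None):
    """Report who issued the certificate, for which names, and for how long."""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer_org": _field(cert["issuer"], "organizationName"),
        "subject_cn": _field(cert["subject"], "commonName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "in_validity_window": start <= now <= end,
        "days_left": int((end - now) // 86400),
    }
```

For a live site, call `summarize(fetch_cert("steemit.com"))`; a certificate that does not chain to a trusted CA or does not match the hostname fails inside `fetch_cert` before any summary is produced.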
Now, coming to how SSL works: it relies on a pair of keys, one public and one private. The public key is used to encrypt the information and the private key is used to decrypt it. So the information you enter in your browser is encrypted using the public key in the certificate, and when it reaches the server, it is decrypted by the server using the private key. So only those who hold the private key can decrypt and read the information.
So the information you enter on these sites is completely secure during communication.
There are several different types of SSL certificates, and Extended Validation (EV) SSL certificates provide the highest industry standard for authentication and offer the best level of customer confidence available. An EV certificate turns the address bar of your browser green, so, as you can see in the case of these sites, we have the highest standard.
I hope this demystifies the concepts and makes you clear and confident about the security of your keys when used on these sites.
Here are some common questions and answers that may also be useful:
- How does someone know that a site has a valid SSL certificate?
Ans: A normal website displays HTTP:// before the address in the browser (without SSL security). HTTP stands for Hypertext Transfer Protocol and is the normal way to communicate with a site. A secured website, however, will display HTTPS:// before the address (which stands for Secure HTTP).
- Why do I need secure communication with a site?
Ans: Would you send sensitive information such as banking details to someone in a letter that everyone can read, and that could be used to steal your money? Definitely not. Secure communication (with SSL) makes sure your sensitive information is protected and not stolen or misused.
Posted on Utopian.io - Rewarding Open Source Contributors
Good to know, feel safe now, will check the green icon for sure.
Nice teaching for us. Helps to understand.
In fact it's super simple for a layman like me :)
Well written @sanjeevm :)
Thanks for such an elaborate and simple article for our understanding...keep it up
At last now I understand a bit, thank you for this great article.
So simply explained 👍
So it's secure, as good as other bank sites?
Yes it is. 100 percent.
Your contribution cannot be approved yet because it is not as informative as other contributions. See the Utopian Rules. Please edit your contribution and try to improve the length and detail of your contribution (or add more images/mockups/screenshots), to reapply for approval.
You may edit your post here, as shown below:
You can contact us on Discord.
[utopian-moderator]
"It is not as informative as other contributions" - I am not sure what you mean by this. Do you have a rule that says this many words or this many screenshots are needed for a post to be approved? It's a very vague description of the rejection that does not mention why it fails. And each contribution has its own context; in this tutorial, I have shown how secure communication protects the end user's identity by keeping it safe in transmission. So unless you tell me, it's difficult to know which rules it does not follow.
I also looked at your rules and cannot figure out why it fails.
I discussed the case with other moderators. It was noted that the contribution is about SSL certificates and not about steemconnect. Hence, this contribution is not about open source software. It cannot be accepted as a valid tutorial.
Please reach to our discord channel for further redressal of your grievance. Thank you,
Your contribution cannot be approved because it does not follow the Utopian Rules.
You can contact us on Discord.
[utopian-moderator]
It's about how these platforms communicate. I have updated the post; still, if you say it cannot be approved, then what is the point of discussion?