- Nigel Chapman and Jenny Chapman
- 978-0-9567370-4-5
- MacAvon Media, pb. 166 pages
- 21 December 2011
- Kindle edition (ASIN B0071BI23I)
The Web Security Topics Series
A Web Developer's Guide to Secure Communication
Paperback prices: £7.99 (GBP), $13.99 (USD), €9.99 (EU) – prices at booksellers may vary.
Kindle edition prices approximately: £3.49 (GBP), $5.49 (USD), €4.59 (EU), Rs176 (INR, for customers in India only) – prices may vary, depending on your location.
A clear guide to the principles of cryptography for Web developers, and to protocols used for securing communication on the World Wide Web, specifically TLS/SSL and HTTPS. Describes the use of public key authentication and public key infrastructure as used by HTTPS. Includes key points and a full glossary of technical terms.
This book is available in paperback and as a Kindle edition. You do not need a Kindle device to read Kindle books. Amazon provide free Kindle reading applications for most tablets as well as for Mac OS and Windows.
Code Examples
All the JavaScript code examples featured in this book are available in a repository at GitHub. Please read the Code Examples page on this site for more details.
Errata
There is a stupid bug in Listing 5 on page 35, the transposition cipher. JavaScript arrays are assigned by reference, so this._keys and this._sorted_keys both point to the same array. Using a well-known trick, this can be rectified by replacing line 5 with
this._sorted_keys = this._keys.slice(0).sort();
The code in the repository has been updated accordingly.
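The effect of the aliasing described in this erratum can be seen in a small keyed columnar transposition. This is an added illustration, not Listing 5 from the book: only the names _keys and _sorted_keys come from the erratum, while the constructor flag, the methods, the sample key and the sample plaintext are assumptions, as is the form of the uncorrected line.

```javascript
// Added illustration, not Listing 5 from the book. Only _keys and
// _sorted_keys come from the erratum; everything else is assumed.
function Transposition(key, copyBeforeSort) {
  this._keys = key.split('');
  // Array.prototype.sort() sorts in place and returns the same array object.
  this._sorted_keys = copyBeforeSort
    ? this._keys.slice(0).sort()  // erratum's fix: sort a copy
    : this._keys.sort();          // assumed original: _keys is reordered too
}

// Read-out order: the position in _keys of each character of _sorted_keys.
Transposition.prototype.columnOrder = function () {
  var keys = this._keys, used = {};
  return this._sorted_keys.map(function (ch) {
    var i = keys.indexOf(ch);
    while (used[i]) i = keys.indexOf(ch, i + 1);  // repeated key letters
    used[i] = true;
    return i;
  });
};

// Write the plaintext in rows under the key, read columns in key order.
Transposition.prototype.encrypt = function (plaintext) {
  var n = this._keys.length, out = '';
  this.columnOrder().forEach(function (col) {
    for (var i = col; i < plaintext.length; i += n) out += plaintext[i];
  });
  return out;
};

var msg = 'ATTACKATDAWN';  // constructed sample plaintext
var buggy = new Transposition('ZEBRA', false);
var fixed = new Transposition('ZEBRA', true);

console.log(buggy._keys === buggy._sorted_keys);  // same array object
console.log(fixed.columnOrder(), fixed.encrypt(msg));
console.log(buggy.columnOrder(), buggy.encrypt(msg));
// With the aliasing bug every 5-letter key yields the same ciphertext.
console.log(new Transposition('QUICK', false).encrypt(msg) === buggy.encrypt(msg));
```

When both properties refer to one sorted array, the column order is always the identity, so only the key's length still influences the ciphertext.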
Full Description
Web applications are often entrusted with sensitive data which must be protected in transit between the Web browser and server to prevent its interception. Networks, especially wireless networks, are susceptible to eavesdropping, and precautions must be taken to ensure that it is not possible to read or interfere with data in the event of interception. Care must also be taken that data goes to its intended destination and is not waylaid en route.
Written for professional and student Web developers, this little book provides a clear, non-mathematical introduction to the essentials of cryptography and to the protocols used for securing communication on the World Wide Web, specifically TLS/SSL and HTTPS. Drawing on a thorough understanding of computing principles and many years' experience in Web application development, the authors explain both the underlying theory and the available techniques for protecting sensitive data in transit to and from Web applications. The examples focus especially on the requirements of small e-commerce sites. Short working programs written in JavaScript/Node.js are provided throughout the book and via this Web site.
Topics covered include:
- Encryption and decryption of data
- Principles underlying ciphers such as DES and AES
- Message authentication using SHA and HMAC
- Using OpenSSL for encryption and hash computation
- Public key cryptography and certificates
- Digital signatures
- TLS/SSL
- HTTPS
Table of Contents
- About This Book vii
- Introduction 1
- Cryptography 11
- Secret Key Cryptography 15
- Substitution Ciphers 15
- Cryptographically Secure Random Numbers 28
- Block Ciphers 30
- Iterated Block Ciphers 36
- Block Cipher Modes 44
- Using Standard Ciphers 45
- Key Points 50
- Public Key Cryptography 52
- Key Points 61
- Cryptographic Hash Functions and MACs 63
- Hash Functions 63
- Message Authentication Codes 67
- Key Points 72
- Secure Transmission 73
- Security Protocols 76
- Some Notation 76
- Digital Signatures 78
- Public Key Certificates 84
- Key Points 92
- Secure Communication and the Web 94
- Ad Hoc Use of Public Key Encryption 94
- TLS/SSL 101
- HTTPS 109
- Key Points 120
- Appendix: Complexity Theory and Public Key Cryptography 123
- Key Points 130
- Glossary 131
- Index 145