1 Introduction
Raw TCP/IP networking is dangerous for two reasons:
- It is hard to tell whether the party you think you are talking to is indeed the right one.
- Anyone with access to a subnet through which your data flows can 'tap' the wire and listen for sensitive information such as passwords, credit card numbers, etc.
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL), which are both often collectively called SSL, solve both problems. SSL uses:
- certificates to establish the identity of the peer
- encryption to make it useless to tap into the wire.
SSL allows agents to talk in private and create secure web services.
The SWI-Prolog library(ssl) library provides an API to turn a pair of arbitrary Prolog wire streams into SSL powered encrypted streams. Note that secure protocols such as secure HTTP simply run the plain protocol over (SSL) encrypted streams.
The library(crypto) library provides additional predicates related to cryptography and authentication, secure hashes and elliptic curves.
Cryptography is a difficult topic. If you just want to download documents from an HTTPS server without worrying much about security, http_open/3 will do the job for you. As soon as you have higher security demands, we strongly recommend that you read enough background material to understand what you are doing. See section 5 for some remarks regarding this implementation. This page from The Linux Documentation Project provides some additional background and tips for managing certificates and keys.
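As an added illustration of the point above (this is example code written for this page, not code from the SWI-Prolog documentation), the client below wraps a plain TCP stream pair with library(ssl) and then speaks ordinary HTTP/1.1 over the encrypted streams. It assumes a recent SWI-Prolog in which ssl_context/3 accepts the host/1 and cacerts/1 options; Host and Path are whatever the caller supplies.

```prolog
:- use_module(library(socket)).
:- use_module(library(ssl)).

%% https_get(+Host, +Path, -Response) is det.
%
%  Fetch Path from Host over TLS.  The only TLS-specific work is
%  wrapping the plain streams; the HTTP exchange itself is unchanged.
https_get(Host, Path, Response) :-
    % 1. Plain, unencrypted TCP connection to the HTTPS port.
    tcp_connect(Host:443, Pair, []),
    stream_pair(Pair, PlainRead, PlainWrite),
    % 2. Client context: send the host name (SNI, host name check)
    %    and verify the server certificate against the system CA
    %    store.  Without a cert_verify_hook, a certificate that fails
    %    verification raises an error rather than silently continuing.
    %    (cacerts/1 is assumed to be available in this SWI-Prolog version.)
    ssl_context(client, SSL,
                [ host(Host),
                  cacerts([system(root_certificates)])
                ]),
    % 3. Negotiate TLS: plain streams in, encrypted streams out.
    ssl_negotiate(SSL, PlainRead, PlainWrite, SSLRead, SSLWrite),
    set_stream(SSLRead, encoding(utf8)),
    % 4. The plain protocol runs over the encrypted streams.
    format(SSLWrite,
           "GET ~w HTTP/1.1\r\nHost: ~w\r\nConnection: close\r\n\r\n",
           [Path, Host]),
    flush_output(SSLWrite),
    read_string(SSLRead, _, Response),
    close(SSLWrite),
    close(SSLRead).
```

Compare this with http_open/3, which performs the same wrapping internally when given an https:// URL.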