Pay at Paypal with a credit card MacAvon Media Home




A Web Developer's Guide to Secure Communication

Nigel Chapman and Jenny Chapman

Published by MacAvon Media, 166 pages.

ISBN13: 978-0956737-04-5, ISBN10: 0-956737-04-8

Secure communication cover

A short book in the Web Security Topics series, providing a clear guide to the principles of cryptography for Web developers, and to protocols used for securing communication on the World Wide Web, specifically TLS/SSL and HTTPS. Describes the use of public key authentication and public key infrastructure as used by HTTPS. Includes examples in JavaScript/Node.js, key points at the end of every section and a full glossary. 166 pages.

Also available as a Kindle e-book from Amazon. Recommended prices for paperback £7.99 (GBP), $13.99 (USD), €9.99 (EU); Kindle edition £3.49 (GBP), $5.49 (USD), €4.59 (EU), Rs165 (INR, for customers in India only) – actual prices may vary, depending on your location.

First published 2011-12-21

You can look inside this book at or

Lecturers and instructors at recognised educational institutions can obtain a free PDF evaluation copy of this book through a MacAvon Media Lecturer’s Account.

Web applications are often entrusted with sensitive data which must be protected in transit between the Web browser and server to prevent its interception. Networks, especially wireless networks, are susceptible to eavesdropping, and precautions must be taken to ensure that it is not possible to read or interfere with data in the event of interception. Care must also be taken that data goes to its intended destination and is not waylaid en route.

Written for professional and student Web developers, this little book provides a clear, non-mathematical introduction to the essentials of cryptography and to the protocols used for securing communication on the World Wide Web, specifically TLS/SSL and HTTPS. Drawing on a thorough understanding of computing principles and many years experience in Web application development, the authors explain both the underlying theory and the available techniques for protecting sensitive data in transit to and from Web applications. The examples focus especially on the requirements of small e-commerce sites. Short working programs written in JavaScript/Node.js are provided throughout the book and via the companion site

Topics covered include:

• Encryption and decryption of data
• Principles underlying ciphers such as DES and AES
• Message authentication using SHA and HMAC
• Using OpenSSL for encryption and hash computation
• Public key cryptography and certificates
• Digital signatures

Table of Contents

(Chapter openings are shown in bold.)

About This Book vii
Introduction 1
Cryptography 11
Secret Key Cryptography 15
Substitution Ciphers 15
Cryptographically Secure Random Numbers 28
Block Ciphers 30
Iterated Block Ciphers 36
Block Cipher Modes 44
Using Standard Ciphers 45
Key Points 50
Public Key Cryptography 52
Key Points 61
Cryptographic Hash Functions and MACs 63
Hash Functions 63
Message Authentication Codes 67
Key Points 72
Secure Transmission 73
Security Protocols 76
Some Notation 76
Digital Signatures 78
Public Key Certificates 84
Key Points 92
Secure Communication and the Web 94
Ad Hoc Use of Public Key Encryption 94
Key Points 120
Appendix: Complexity Theory and Public Key Cryptography 123
Key Points 130
Glossary 131
Index 145
Electronic Formats and PDF Offer 151