We are in the process of certifying our health care product (Hitech certification). One of the criteria of the certification process is that our product should be capable of using "hashing" when sending patient information over the network. Our product is a thick client that connects directly to Sql Server 2005 database. So when we send patient information from client to DB store procedure, it should use "hashing" to make sure that the information wasn't altered in transit.
Now, we are planning to connect our client to the Sql Server using SSL secure connection. When I read about SSL protocol, it seems like SSL uses hashing internally. So if thats true, I could automatically satisfy the hashing requirement by using SSL connection between client and sql svr.
So here are my Questions
When data is transmitted over an SSL connection, is each message attached with a hash internally, such that the SSL protocol verifies that data hasnt been modified?
Yes. It appends a keyed MAC to each TLS record exchanged.
Does SSL use the hashing mechanism only during the initial steps of its handshake?
No, it occurs throughout.
If SSL does attach a hash for each message, is the "public key" used to create the hash?
No. A shared secret is used to create the hash.
See RFC2246 for details.