I’ve seen a lot of uninformed guesses, here and elsewhere, about how to break into Jibo, but here is a quick primer on how the internet as a whole works:
- Jibo tries to contact the server, say api.jibo.com
- When contacted, api.jibo.com presents a “certificate” to prove that it is indeed the site and not an imposter. These certificates come from a “root authority” and they cost a pretty penny to obtain.
- Jibo establishes that it is actually talking to the correct site, and now it starts an “SSL handshake” with the server. That means Jibo has somewhere in its software a “key”, a very long indecipherable string of letters, that it uses to encrypt the communication. The server has the complement key to decrypt it and thus understands what Jibo is asking for.
So, to summarize, to break into Jibo, you need a) to present a fake certificate that establishes you are api.jibo.com, b) have the secret key that lets you decrypt Jibo’s communication.