How does HTTPS work?

  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    How does HTTPS work?

    I mean, I understand the gist of it to go something like:
    1. Browser receives certificate from server
    2. Browser then queries that this certificate is valid
    3. The two swap encryption keys for deciphering the encrypted data


    Of course it's a little more involved than that, and I may be wrong in my understanding (please correct me, if so). But what I don't understand is: how is this secure? Surely if the server and client are swapping the keys for the encryption, this data has to be sent over the network and, just like any other data, it can be observed. So what do I not understand properly?

    Oh, and hi everybody!
  • Banfa
    Recognized Expert Expert
    • Feb 2006
    • 9067

    #2
    You are missing a rather important point, which is that the certificate contains the site's public key. Once you have queried the certificate's issuer to verify it, you can then send data to the site encrypted using the public key.

    Because it is a public key the data is secure, since the public key cannot be used to decrypt the data, and the browser can use this encrypted link to securely send the required key to the remote site, allowing a fully encrypted and secure link to be set up.

    Try reading everything linked to starting at

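The exchange described in post #2, as an added example that is not part of the original thread: the browser encrypts a random secret with the server's public key, and only the holder of the private key can recover it. The fixed toy primes, the unpadded RSA and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy server key pair: two Mersenne primes, chosen only so the
# example runs offline. Real certificates carry 2048-bit+ keys used with padding.
# This models the RSA key exchange described in the post; TLS 1.3 uses
# ephemeral Diffie-Hellman instead.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (travels in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))      # private key (never leaves the server)


def browser_make_secret():
    """Browser picks a random secret and encrypts it with the public key."""
    secret = secrets.randbits(128) | (1 << 127)   # force a full-size value
    return secret, pow(secret, E, N)   # (kept locally, sent over the network)


def server_recover_secret(ciphertext):
    """Only the holder of D can undo the public-key operation."""
    return pow(ciphertext, D, N)


def eavesdropper_attempt(ciphertext):
    """An observer holds N, E and the ciphertext; re-applying E does not decrypt."""
    return pow(ciphertext, E, N)


def session_key(secret):
    """Both ends derive the same symmetric key from the shared secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def handshake():
    secret, wire = browser_make_secret()
    return {
        "browser_key": session_key(secret),
        "server_key": session_key(server_recover_secret(wire)),
        "secret_on_wire": wire == secret,
        "eavesdropper_got_secret": eavesdropper_attempt(wire) == secret,
    }


if __name__ == "__main__":
    for name, value in handshake().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```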

    • Markus
      Recognized Expert Expert
      • Jun 2007
      • 6092

      #3
      Ah! Well that makes sense.

      Thanks.

      Mark (goes to read)


      • numberwhun
        Recognized Expert Moderator Specialist
        • May 2007
        • 3467

        #4
        If I may add something, as I deal with HTTPS and AS2 connections daily at work (I support a large corporate banking e-commerce system).

        With HTTPS, while the certificates (as you mentioned) are passed over the network, the connection that is eventually established between the two sides is encrypted by the SSL keys. Then, the data files are encrypted either by the SSL keys or something like PGP, and sent over that encrypted connection.

        Hope this also helps.

        Regards,

        Jeff
