468,771 Members | 1,861 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,771 developers. It's quick & easy.

How does HTTPS work?

Markus
6,050 Expert 4TB
I mean, I understand the gist of it to go something like:
  1. Browser receives certificate from server
  2. Browser then queries that this certificate is valid
  3. The two swap encryption keys for deciphering the encrypted data

Of course it's a little more involved than that, and I may be wrong in my understanding (please correct me, if so). But what I don't understand is: how is this secure? Surely if the server and client are swapping the keys for the encryption this data has to be sent over the network and just like any other data it can be observed. So what do I not understand properly?

Oh, and hi everybody!
Jan 26 '11 #1

✓ answered by Banfa

You are missing a rather important point which is that the certificate contains the sites public key. Once you have queried the certificates issuer to verify it you can then send data to the site encrypted using the public key.

Because it is a public key the data is secure since the public key can not be used to decrypt the data and the browser can use this encrypted link to securely send the required key to the remote site allowing a fully encrypted and secure link to be set-up.

Try reading everything linked to starting at

http://en.wikipedia.org/wiki/HTTP_Secure

3 6149
Banfa
9,058 Expert Mod 8TB
You are missing a rather important point which is that the certificate contains the sites public key. Once you have queried the certificates issuer to verify it you can then send data to the site encrypted using the public key.

Because it is a public key the data is secure since the public key can not be used to decrypt the data and the browser can use this encrypted link to securely send the required key to the remote site allowing a fully encrypted and secure link to be set-up.

Try reading everything linked to starting at

http://en.wikipedia.org/wiki/HTTP_Secure
Jan 27 '11 #2
Markus
6,050 Expert 4TB
Ah! Well that makes sense.

Thanks.

Mark (goes to read)
Jan 27 '11 #3
numberwhun
3,503 Expert Mod 2GB
If I may add something as I deal with HTTPS and AS2 connections daily at work (I support a large corporate banking e-commerce system).

With HTTPS, while the certificates (as you mentioned) are passed over the network, the connection that is eventually established between the two sides is encrypted by the SSL keys. Then, the data files are then encrypted either by the SSL keys or something like PGP, and sent over that encrypted connection.

Hope this also helps.

Regards,

Jeff
Jan 29 '11 #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

5 posts views Thread by Peter | last post: by
1 post views Thread by Phillip | last post: by
4 posts views Thread by Das | last post: by
7 posts views Thread by Tom | last post: by
5 posts views Thread by Jason | last post: by
11 posts views Thread by Jim | last post: by
reply views Thread by zhoujie | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.