471,111 Members | 1,485 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,111 software developers and data experts.

How does HTTPS work?

Markus
6,050 Expert 4TB
I mean, I understand the gist of it to go something like:
  1. Browser receives certificate from server
  2. Browser then queries that this certificate is valid
  3. The two swap encryption keys for deciphering the encrypted data

Of course it's a little more involved than that, and I may be wrong in my understanding (please correct me, if so). But what I don't understand is: how is this secure? Surely if the server and client are swapping the keys for the encryption this data has to be sent over the network and just like any other data it can be observed. So what do I not understand properly?

Oh, and hi everybody!
Jan 26 '11 #1

✓ answered by Banfa

You are missing a rather important point which is that the certificate contains the sites public key. Once you have queried the certificates issuer to verify it you can then send data to the site encrypted using the public key.

Because it is a public key the data is secure since the public key can not be used to decrypt the data and the browser can use this encrypted link to securely send the required key to the remote site allowing a fully encrypted and secure link to be set-up.

Try reading everything linked to starting at

http://en.wikipedia.org/wiki/HTTP_Secure

3 6220
Banfa
9,065 Expert Mod 8TB
You are missing a rather important point which is that the certificate contains the sites public key. Once you have queried the certificates issuer to verify it you can then send data to the site encrypted using the public key.

Because it is a public key the data is secure since the public key can not be used to decrypt the data and the browser can use this encrypted link to securely send the required key to the remote site allowing a fully encrypted and secure link to be set-up.

Try reading everything linked to starting at

http://en.wikipedia.org/wiki/HTTP_Secure
Jan 27 '11 #2
Markus
6,050 Expert 4TB
Ah! Well that makes sense.

Thanks.

Mark (goes to read)
Jan 27 '11 #3
numberwhun
3,503 Expert Mod 2GB
If I may add something as I deal with HTTPS and AS2 connections daily at work (I support a large corporate banking e-commerce system).

With HTTPS, while the certificates (as you mentioned) are passed over the network, the connection that is eventually established between the two sides is encrypted by the SSL keys. Then, the data files are then encrypted either by the SSL keys or something like PGP, and sent over that encrypted connection.

Hope this also helps.

Regards,

Jeff
Jan 29 '11 #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

5 posts views Thread by Peter | last post: by
1 post views Thread by Phillip | last post: by
4 posts views Thread by Das | last post: by
7 posts views Thread by Tom | last post: by
5 posts views Thread by Jason | last post: by
11 posts views Thread by Jim | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.