Ask someone how an HTTPS page is protected and they will say it is encrypted. In this post I discuss which encryption is used, how the keys are exchanged, and how the communication happens.
Here we go!!
When we key in the URL, or are redirected by the web server to an HTTPS page, an initial TCP 3-way handshake is completed between the client and server to establish the connection.
Then the server sends its certificate to the client system (refer to the screenshot).
This certificate also carries the public key of the server from which the browser received the response. (In the IE browser, the public key embedded in the certificate can be found in the Details tab of the certificate.)
Now the local system creates a temporary key and encrypts it using the public key in the certificate.
The encrypted key is then sent to the server.
At the server end, the incoming data is decrypted using the server's private key. Both the server and the client now hold the same key, so they start encrypting the data with DES, 3DES, or any other symmetric encryption method.
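The key exchange described above, from both the client and the server side, as an added example that is not part of the original post. Assumptions: the RSA key is a toy built from two small Mersenne primes with no padding, the symmetric cipher is a SHA-256 keystream standing in for DES/3DES because the Python standard library ships no block cipher, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy server key pair (assumption: tiny Mersenne primes, textbook RSA without
# padding, so only the standard library is needed; real keys are 2048+ bits).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.

    The same call encrypts and decrypts, as with any symmetric method.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def client_make_session_key(server_n: int, server_e: int):
    """Client: create a temporary key and encrypt it with the server's public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), server_e, server_n)
    return session_key, wrapped


def server_unwrap_session_key(wrapped: int) -> bytes:
    """Server: recover the temporary key using its private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def demo():
    client_key, wrapped = client_make_session_key(N, E)   # only `wrapped` is sent
    server_key = server_unwrap_session_key(wrapped)
    ciphertext = keystream_xor(client_key, b"GET /account HTTP/1.1")  # client -> server
    received = keystream_xor(server_key, ciphertext)                  # server decrypts
    return client_key == server_key, ciphertext, received


if __name__ == "__main__":
    same_key, ciphertext, received = demo()
    print("keys match:  ", same_key)
    print("on the wire: ", ciphertext.hex())
    print("server reads:", received.decode())
```

Only the wrapped key and the ciphertext cross the network; the private exponent and the plain session key never do.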
Conclusions:
- The HTTPS link uses the hybrid encryption method:
  - Asymmetrical method to share the public key and obtain the session-specific secret key
  - Symmetrical method to perform the data transactions
- Details on a certificate:
  - Host name
  - Certificate Authority
  - Validity period
  - Public key of the server
  - Template
Informative :-)
Good Stuff ..Go on ..