how does public key cryptography work [duplicate]

What I understand about RSA is that Alice can create a public and a private key combination, and then send the public key over to Bob. And then afterward Bob can encrypt something using the public key and Alice will use the public and private key combo to decrypt it.

However, how can Alice encrypt something to be sent over to Bob? How would Bob decrypt it? I ask because I'm curious how when I log onto my banking site, my bank sends me data such as my online statements. How does my browser decrypt that information? I don't have the private key.

Riz asked May 18 '10 00:05


1 Answer

Basically, the procedure is:

  1. The client connects to the server and asks for the server's certificate. The certificate contains the public key and information about the server's identity.
  2. Assuming the client is happy with the server's identity, it generates a random number P and encrypts it with the server's public key.
  3. Only the server can decrypt P (with its private key - not shared with anybody) so when the client sends the encrypted random number to the server, the server decrypts it.
  4. The client and server both use P to generate a symmetric key for use in a symmetric encryption algorithm, safe in the knowledge that only the client and server know the value of P used to generate the key.
Dean Harding answered Dec 08 '22 05:12
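The four steps in the answer above, as an added Python sketch that is not part of the original answer, extended to the reply direction the question asks about: once both sides hold P, the server encrypts with the derived symmetric key and the client decrypts without ever having a private key. Assumptions: all function names are hypothetical, the RSA is textbook (no padding) over a constructed modulus built from two publicly known Mersenne primes, and an HMAC-SHA256 keystream stands in for a real cipher such as AES; neither is safe for real use.

```python
import hashlib
import hmac
import secrets

# Server's long-term key pair. CONSTRUCTED toy values: real keys use random
# secret primes, and real RSA encryption uses padding (e.g. OAEP).
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                  # public key, published in the certificate
D = pow(E, -1, (_P - 1) * (_Q - 1))    # private exponent, never leaves the server

def derive_key(p: bytes) -> bytes:
    """Step 4: both sides turn the shared random P into a symmetric key."""
    return hashlib.sha256(b"session key" + p).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def client_wrap(server_pub):
    """Step 2: client picks random P and encrypts it with the public key only."""
    n, e = server_pub
    p = secrets.token_bytes(32)
    return pow(int.from_bytes(p, "big"), e, n), derive_key(p)

def server_unwrap(wrapped: int) -> bytes:
    """Step 3: only the holder of D can recover P."""
    p = pow(wrapped, D, N).to_bytes(32, "big")
    return derive_key(p)

def handshake_and_reply(statement: bytes):
    wrapped, client_key = client_wrap((N, E))    # client -> server
    server_key = server_unwrap(wrapped)
    nonce = secrets.token_bytes(12)
    ciphertext = keystream_xor(server_key, nonce, statement)  # server -> client
    plaintext = keystream_xor(client_key, nonce, ciphertext)  # client decrypts
    return client_key == server_key, ciphertext, plaintext

if __name__ == "__main__":
    same, ct, pt = handshake_and_reply(b"Statement balance: 1,234.56")
    print(same, ct.hex(), pt)
```

The sketch leaves out certificate validation (step 1) and message authentication, both of which a real TLS session performs.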