 

How does SSL encrypt data from server to client?

Most of the wiki articles describe how the client browser uses the public key (certificate) to encrypt sensitive data (such as username/password) and sends this encrypted data to the server. The server will use its private key to decrypt it. I get this part. But there is no clear information saying how the server encrypts data and sends it back to the browser.

Use my online banking as example:

(0) I already accepted the trusted certificate (public key) from my online banking.

(1) Through an SSL URL, my browser visits https://myonlinebanking.com

(2) I typed my username/password to log in. These data are encrypted, so the man-in-the-middle can only see meaningless data.

(3) The bank web server received my encrypted data, used its private key to decrypt it and authenticated my account successfully.

Now here are my questions:

How does the bank send back my data? Which key does the bank encrypt the response data with? If the bank encrypted it with the "public key", the man-in-the-middle could see it just as I can. So the man-in-the-middle doesn't know my username/password, but can he still see my account balance?

Thank you for your help.

Simon asked Jun 09 '12 09:06



1 Answer

You have some wrong assumptions:

  • The HTTP data is not always encrypted with the public key of the server in order to send it to the server.
  • The public key of the server is just used in the beginning (handshake protocol) to establish a secure key for secure-key encryption (symmetric encryption).
  • All the communication is over secret-key or symmetric-key encryption, where the client (browser) and the server use the same secret key to encrypt and decrypt data.

The TLS (Transport Layer Security) protocol uses a combination of asymmetric encryption (public key) and symmetric encryption (secure key). The main communication with your bank uses symmetric encryption, for which the session keys (secure key) are established safely during the TLS handshake, using asymmetric encryption.

It is all in the TLS (Transport Layer Security) handshake, which is very well explained in this link.

kapil answered Sep 18 '22 14:09
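An added worked example, not part of kapil's answer or of the original page, that makes the answer concrete. It is written in Go with only the standard library and follows the shape of a TLS 1.3 handshake rather than its wire format: an ephemeral ECDH exchange produces the shared secret, the server's certificate key is used only to sign the transcript, HKDF derives one AES-GCM key per direction, and both the login request and the balance response travel under those symmetric keys. The names `Session`, `Handshake`, `Seal`, `Open`, `NewCertKey`, `trafficKey` and the HKDF labels are this example's own, the sample messages are constructed, and a random nonce prefix replaces TLS's per-record counter. (In TLS 1.2 with RSA key exchange the public key instead encrypts a client-chosen premaster secret, but the application data still travels under symmetric keys in both directions.)

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Session struct {
	ClientWrite cipher.AEAD // client -> server records (the login form)
	ServerWrite cipher.AEAD // server -> client records (the account balance)
}

// NewCertKey stands in for the long-term private key behind the bank's certificate.
func NewCertKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// trafficKey is HKDF (RFC 5869, HMAC-SHA256): Extract with the transcript hash as salt,
// then one Expand block per direction label, wrapped in AES-256-GCM.
func trafficKey(secret, salt []byte, label string) (cipher.AEAD, error) {
	extract := hmac.New(sha256.New, salt)
	extract.Write(secret)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte(label))
	expand.Write([]byte{0x01})
	block, err := aes.NewCipher(expand.Sum(nil)) // 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Handshake has the shape of TLS 1.3 (not its wire format): ephemeral ECDH for the secret,
// the certificate key only for signing, HKDF for one traffic key per direction.
func Handshake(certKey *ecdsa.PrivateKey) (Session, error) {
	clientEph, err1 := ecdh.P256().GenerateKey(rand.Reader) // ClientHello key share
	serverEph, err2 := ecdh.P256().GenerateKey(rand.Reader) // ServerHello key share
	if err := errors.Join(err1, err2); err != nil {
		return Session{}, err
	}
	// Both shares cross the wire in the clear; their hash is the handshake transcript.
	transcript := sha256.Sum256(append(clientEph.PublicKey().Bytes(), serverEph.PublicKey().Bytes()...))
	// Server: sign the transcript with the certificate's private key, that key's ONLY job here.
	sig, err := ecdsa.SignASN1(rand.Reader, certKey, transcript[:])
	if err != nil {
		return Session{}, err
	}
	// Client: verify with the certificate's public key; a man-in-the-middle's own share fails here.
	if !ecdsa.VerifyASN1(&certKey.PublicKey, transcript[:], sig) {
		return Session{}, errors.New("bad server signature: possible man-in-the-middle")
	}
	// Each side combines its own ephemeral private key with the peer's public share; the results
	// match and never crossed the wire, so seeing both shares does not yield them.
	clientSecret, err1 := clientEph.ECDH(serverEph.PublicKey())
	serverSecret, err2 := serverEph.ECDH(clientEph.PublicKey())
	if err1 != nil || err2 != nil || !hmac.Equal(clientSecret, serverSecret) {
		return Session{}, errors.New("ECDH failed or the two sides disagree")
	}
	cw, err1 := trafficKey(clientSecret, transcript[:], "client application traffic")
	sw, err2 := trafficKey(clientSecret, transcript[:], "server application traffic")
	return Session{ClientWrite: cw, ServerWrite: sw}, errors.Join(err1, err2)
}

// Seal encrypts one record under a directional key (random nonce prefix instead of TLS's counter).
func Seal(aead cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is guaranteed not to fail since Go 1.24
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// Open decrypts a record from Seal; under any other key the GCM tag check fails.
func Open(aead cipher.AEAD, record []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(record) < n {
		return nil, errors.New("record too short")
	}
	return aead.Open(nil, record[:n], record[n:], nil)
}

func main() {
	certKey, err := NewCertKey()
	if err != nil {
		panic(err)
	}
	sess, err := Handshake(certKey)
	if err != nil {
		panic(err)
	}
	resp := Seal(sess.ServerWrite, []byte("balance: 1234.56")) // the bank's reply, as a sniffer sees it
	pt, _ := Open(sess.ServerWrite, resp)
	_, wrong := Open(sess.ClientWrite, resp)
	fmt.Printf("on the wire: %x\nclient reads: %s\nother key: %v\n", resp, pt, wrong)
}
```

`go run` prints the response as it appears on the wire (hex), the text the client recovers, and the error from trying the other direction's key on it. The man-in-the-middle from the question sees exactly what `resp` holds plus the two public key shares and the signature; those let him check who the server is but not compute the ECDH secret, so the balance is as unreadable to him as the password was. The answer above simplifies slightly in saying both sides share one key: TLS derives a separate key for each direction, which is why `ClientWrite` cannot open a `ServerWrite` record here.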