SSL Client Server Communication
When we use SSL (Secured Socket Level), the server has the private key whereas the client has the public key. In such cases the client encrypts data and the server decrypts it to get the actual details, but how will it work if the server is sending some critical financial details to the client? In this situation the client has only the public key, so is it possible for that key to decrypt the details?
In short, how does secure communication from server --> client work?
Public key cryptography is only used during the SSL/TLS handshake to agree on shared keys. The encryption/decryption of the data on top of SSL/TLS is then done using these shared keys.
You should read about Diffie-Hellman Key Exchange and RSA Key Exchange.
Here is a document describing the principles of the key exchange: http://technet.microsoft.com/en-us/library/cc962035.aspx
There is also a description of how this applies to SSL/TLS here: http://technet.microsoft.com/en-us/library/cc783349%28WS.10%29.aspx#w2k3tr_schan_how_eicp
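The idea in the answer above, as an added example that is not part of the original answers: both sides run a key exchange, derive the same per-direction symmetric keys, and the client decrypts server-to-client data with a shared key rather than the public key. Assumptions: the Diffie-Hellman group is a toy constructed for this sketch, the HMAC-based cipher stands in for the AES-GCM or ChaCha20 a real TLS stack would use, and the certificate-based authentication of the handshake is omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters constructed for this example: a Mersenne prime
# far too small for real use. TLS uses vetted groups or elliptic curves.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive_keys(shared_secret):
    """Expand the handshake secret into one symmetric key per direction."""
    ikm = shared_secret.to_bytes(16, "big")
    return {name: hmac.new(ikm, name.encode(), hashlib.sha256).digest()
            for name in ("client_write", "server_write")}

def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        block = b"ks" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt and authenticate one record (stand-in for an AEAD cipher)."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, record):
    nonce, ct, tag = record[:12], record[12:-32], record[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo():
    c_priv, c_pub = dh_keypair()                      # client side
    s_priv, s_pub = dh_keypair()                      # server side
    client_keys = derive_keys(pow(s_pub, c_priv, P))  # client sees only s_pub
    server_keys = derive_keys(pow(c_pub, s_priv, P))  # server sees only c_pub
    record = seal(server_keys["server_write"], b"balance: 1042.17")  # constructed sample data
    return client_keys == server_keys, open_(client_keys["server_write"], record)

if __name__ == "__main__":
    print(demo())
```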
Well, in reverse? The server logs in to the client with SSL in the same way as the client would log into the server? That is, if you require a separate connection. If the server sends back the sensitive information within the same secure session, there is no security problem.
But maybe I don't understand your question correctly :)
I think that after the server sends his key to the client, the client can generate a private key and send it over SSL to the server. After that both client and server can use their private key to communicate. I'm not an expert but that makes sense.