Is this SSL scenario valid or not?

Suppose that a client and a server would like to communicate over the network using SSL:

  • The client encrypts message1 using the server's public key -> sends message1 to the server -> the server decrypts message1 using the server's private key.

  • The server encrypts message2 using the server's private key -> sends message2 to the client -> the client decrypts message2 using the server's public key.

  • My question here is that, in case 2, if an adversary got the server's public key (which is public), then he will be able to decrypt message2. Is that right, or am I missing something here?


    If you encode something with the "private" key, yes, anyone will be able to decode it using the "public" key. If the "public" key is public, that won't be very secure.

    I think you have some sort of confusion, though; in a nutshell, SSL just uses public key cryptography to exchange a secret key and performs the rest of the communication using symmetric encryption using this secret key.

    Asymmetric/public-key crypto is much slower than symmetric/secret-key, so public key is only used briefly, to acquire its properties (i.e. identification), and then it "switches" to faster secret key encryption.
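
The following is an added example, not part of the original question or answer: a toy Python sketch of both points made above, showing that data transformed with the private key is readable by anyone holding the public key, and that a secret sent under the public key can then key a symmetric cipher for the reply. The primes, helper names and the HMAC-based keystream are assumptions chosen for illustration; it uses unpadded textbook RSA and is not how a real TLS stack is implemented.

```python
# Toy illustration only: textbook RSA on small Mersenne primes, no padding.
# All names and values are constructed for this example; real TLS differs.
import hashlib
import hmac
import secrets

P, Q = 2**61 - 1, 2**89 - 1          # known primes, far too small for real use
N, E = P * Q, 65537                  # server PUBLIC key (everyone has this)
D = pow(E, -1, (P - 1) * (Q - 1))    # server PRIVATE exponent

def rsa(value: int, exponent: int) -> int:
    return pow(value, exponent, N)

def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")

def to_bytes(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")

def case2_eavesdropper(message: bytes) -> bytes:
    """Case 2: server applies its private key; adversary holds only (N, E)."""
    wire = rsa(to_int(message), D)                 # what crosses the network
    return to_bytes(rsa(wire, E), len(message))    # adversary recovers plaintext

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def hybrid_exchange(reply: bytes):
    """Client sends a random secret under the public key; the reply uses it."""
    secret = secrets.token_bytes(16)                 # known only to the client
    wire_key = rsa(to_int(secret), E)                # client -> server
    server_secret = to_bytes(rsa(wire_key, D), 16)   # only D unwraps this
    wire_reply = keystream_xor(server_secret, reply) # server -> client
    client_view = keystream_xor(secret, wire_reply)
    # Adversary sees N, E, wire_key, wire_reply. The only key it holds is E,
    # and applying E to wire_key does not undo the first application of E.
    guess = to_bytes(rsa(wire_key, E) % 2**128, 16)
    adversary_view = keystream_xor(guess, wire_reply)
    return client_view, adversary_view
```

In practice the private-key operation from case 2 is used as a signature (proof of origin), not for confidentiality. TLS 1.3 dropped RSA key transport in favour of (EC)DHE key agreement, but the split between asymmetric setup and symmetric bulk encryption is the same.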
