1

I understand how public key encryption works and I understand how it works into SSL. Server sends encrypted(public) key so I can send it a message but only it knows the private key to decrypt it.

Does the reverse happen? Does my browser send the server a public key to send data back securely or is it not secured?

random
  • 450
  • 1
  • 9
  • 16
Jacob
  • 9,204
  • 4
  • 45
  • 56

1 Answers1

6

The public/private key pair is only used to negotiate a symmetric key in SSL. Once the symmetric key has been agreed on, actual user data is encrypted using the symmetric algorithm and that new key. It is not based at all on the public/private key pair.

Chris S
  • 77,945
  • 11
  • 124
  • 216
  • 3
    You can get more details on the SSL (TLS) handshake process @ http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_handshake_in_detail – voretaq7 Feb 15 '11 at 22:00