-1

The server is sending data to the client and the client is using the public key to de-crypt the data. Simple enough. However, if someone with the public key is spoofing the line or gets his hands on the encrypted message packets, cant he/she steal the data using the public key?

What is wrong with my thought process.

Thank you

jww
  • 97,681
  • 90
  • 411
  • 885
user3363744
  • 167
  • 1
  • 9
  • 2
    You need to read up more on how public/private key encryption works. You can only decode data encoded with a public key with the private key. – Thomas Devries Jul 21 '17 at 00:18
  • Thank you for the response. I have read up on it and I don't understand it. Hence the question. – user3363744 Jul 21 '17 at 00:57
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Cryptography Stack Exchange](http://crypto.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Jul 21 '17 at 12:35

1 Answers1

1

When using SSL/TLS the data transferred between the client and server is not encrypted using the public/private keys. Each connection uses its own set of encryption keys which are generated during connection setup. These keys are generated based on a shared secret that is provided by the client and protected by encrypting it with the public key before sending it to the server. As long as proper precautions have been taken to protect the private key this means that only the server will be able to decrypt the shared secret.

For more detailed information you can read the Wikipedia entry on TLS Handshake

Chris Baldwin
  • 539
  • 3
  • 9