smittypaddler
New member
I'm an old computer unix guru, retired for 6 years now, but as I recall, the way SSL (Secure Socket Layer), which is the protocol used when you connect to an https site involves public/private encryption keys. A server advertises their public key to the world using a trusted third-party certification authority. Any message you send to the server encrypted with their public key can only be decrypted by that server. Such messages are virtually not decrypt-able by anyone else, e.g. the time it would take to do so is measured in many HEs (human eternities). The dialog to initiate a secure communication over an unsecure line is something like this:
Client: I'd like to establish a secure connection with you. Here's my public encryption key, which I've encrypted using your public key that I obtained from a trusted certification authority, so only you can read it after decrypting with your private key. Using it, please send me an encrypted message, which only I can decrypt using my private key, with a public encryption key I can use to talk to you over an unsecured line. The public key you send me must be unique, and not sent to anyone else (usually 128 bits long, there are a gazillion possibilities for such a key).
Server: Here's a public encryption key you may use to talk with me, which I've sent to you encrypted using the public key you sent me so only you can read it with your private key. This key is one of a gazillion possibilities, so the possibility of anyone guessing it is virtually 0.
Client: I'd like to establish a secure connection with you. Here's my public encryption key, which I've encrypted using your public key that I obtained from a trusted certification authority, so only you can read it after decrypting with your private key. Using it, please send me an encrypted message, which only I can decrypt using my private key, with a public encryption key I can use to talk to you over an unsecured line. The public key you send me must be unique, and not sent to anyone else (usually 128 bits long, there are a gazillion possibilities for such a key).
Server: Here's a public encryption key you may use to talk with me, which I've sent to you encrypted using the public key you sent me so only you can read it with your private key. This key is one of a gazillion possibilities, so the possibility of anyone guessing it is virtually 0.