I know that HTTPS helps to ensure security when data is being transferred from A to B, what I don’t understand is why an attacker can’t intercept the data is just decrypt it as HTTPS sounds to me as something “public”, wouldn’t that mean decryption is also publicly accessible?
In: 6
HTTPS is a *method*, an eavesdropper doesn’t have the *key* to decrypt the data. Everyone knows how a standard lock works but knowing how it works doesn’t mean they know the key bitting for your front door.
There are also encryption methods with “public” and “private” keys. With this kind of encryption someone can encrypt a message with their private (secret) key and it will be able to be decoded with the public key. This shows people that the message came from the holder of the private key but doesn’t tell them what that key is.
Latest Answers