I know that HTTPS helps to ensure security when data is being transferred from A to B, what I don’t understand is why an attacker can’t intercept the data is just decrypt it as HTTPS sounds to me as something “public”, wouldn’t that mean decryption is also publicly accessible?
In: 6
Think of it this way (oversimplified):
If I want to transfer data from me to you, we could both have a key that fits a really secure padlock (that we exchange when we meet).
But how do we do that if we never meet? If I have the padlock and the (secret) keys, how do I get one of the keys to you, or vice versa?
Well what if some really smart people came up with a special kind of padlock, which uses different keys to lock and unlock?
The key to lock the padlock can be made public. It can be sent through the regular mail.
So you just send me your locking key and the lock, I lock up the data, and now it can’t be unlocked by anyone who doesn’t have the unlock key – and only you have that.
This is “public key cryptography” oversimplified. This is how you communicate securely over the internet with servers over HTTPS.
Latest Answers