Friday, November 03, 2006


In simple terms: Can be used to generate the keys that a web server needs to encrypt the data sent between the client and the server


1. A client browser connects to the Apache HTTP server via a Web request
2. Browser asks to start a secure session with the server.
3. Server returns the site's certificate which also includes the server public key
4. The browser analyzes the certificate
5. Informs the user about its validity
6. Browser creates a session key, encrypted with server's public key
7. It is sent to the server
8. Server decrypts using its private key

Now, Both the browser and the server now are using the same session key. This is a symmetric key used to encrypt and decrypt data exchanged by the browser and server