HTTPS: behind the scenes with real life example

 
Greenhorn
Posts: 6
Hi,
I access my account online. The bank account provides a secure connection through HTTPS. I give my user name and password to access my account. What's happening behind the scenes here? What about encryption, public/private keys? Who does the handshake/encryption? How does it take place? On the client side (browser) and the server side, what's happening?
I read a few books and articles about security. But they talk about security concepts and definitions in general, NOT with a real-life example.
Can you please explain the what and how behind the scenes?
If you have any article with a real-life solution, can you please send it across?

I sincerely appreciate your guidance on this.

Thanks for reading..!

Regards,
Satish
 
Greenhorn
Posts: 18
It is based on PKI.

In fact, everything about security is based on PKI.
In order to provide an HTTPS connection, the server must have a PKI key pair. The server publishes the public key.

The browser knows the CA (certification authority). It is used to verify the public key.

SSL works the same way.

PGP is also similar, but it uses a session key to improve performance.

===================================================================
You just have to understand.
1) Everything is based on PKI.
2) Then you have to figure out how the public key and private key are used in each case.
 
Satish Kumar
Greenhorn
Posts: 6
Thanks, Hu, for your reply.

How does the browser check that the certificate is valid? Does the browser make a call to the CA to check?
 
Hu Rui
Greenhorn
Posts: 18
The server presents its public key as a certificate.
The certificate is a document that contains the public key and is again signed by the public key of the CA.

The browser knows the CA. It is hard-coded inside Explorer, I think, since I cannot find where to specify it.

The browser trusts the CA, and the CA signs the public key of the HTTPS server, so if the CA says the server's public key is real, the browser believes it.


But in the JDK, it is a file, under C:\j2sdk1.4.2_03\jre\lib\security
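
An added example, not part of the original thread, for the question of whether the browser has to call the CA: the signature on a certificate is checked offline against a CA public key already held in a local trust store. `ToyCert`, `issue`, `verify` and the names `Example Root CA` and `bank.example` are constructed for illustration (real certificates are X.509); the last lines query the JDK's own trust store. Requires Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.net.ssl.*;
public class LocalCertCheck {
    // Toy stand-in for an X.509 certificate (constructed; real ones are DER-encoded with more fields).
    record ToyCert(String subject, String issuer, PublicKey key, byte[] sig) {
        byte[] signedBytes() { // the bytes the CA's signature covers
            byte[] head = (subject + "|" + issuer + "|").getBytes(StandardCharsets.UTF_8);
            byte[] k = key.getEncoded();
            byte[] out = Arrays.copyOf(head, head.length + k.length);
            System.arraycopy(k, 0, out, head.length, k.length);
            return out;
        }
    }
    // CA side: bind a subject name to a public key by signing both with the CA's PRIVATE key.
    static ToyCert issue(String subject, PublicKey subjectKey, String caName, PrivateKey caKey) throws GeneralSecurityException {
        ToyCert tbs = new ToyCert(subject, caName, subjectKey, new byte[0]);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(caKey);
        s.update(tbs.signedBytes());
        return new ToyCert(subject, caName, subjectKey, s.sign());
    }

    // Browser side: find the issuer in the local trust store and verify with the CA's PUBLIC key.
    static boolean verify(ToyCert cert, Map<String, PublicKey> trustStore) throws GeneralSecurityException {
        PublicKey caKey = trustStore.get(cert.issuer());
        if (caKey == null) return false; // issuer is not a trusted CA
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(caKey);
        s.update(cert.signedBytes());
        return s.verify(cert.sig()); // no network call involved
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ca = gen.generateKeyPair(), bank = gen.generateKeyPair(), other = gen.generateKeyPair();
        Map<String, PublicKey> store = Map.of("Example Root CA", ca.getPublic());
        ToyCert good = issue("bank.example", bank.getPublic(), "Example Root CA", ca.getPrivate());
        ToyCert swapped = new ToyCert(good.subject(), good.issuer(), other.getPublic(), good.sig());
        ToyCert unlisted = issue("bank.example", other.getPublic(), "Unlisted CA", other.getPrivate());
        System.out.printf("genuine=%b keySwapped=%b unlistedIssuer=%b%n", verify(good, store), verify(swapped, store), verify(unlisted, store));
        // The JDK's real trust store is likewise a local file; null loads the default one.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        System.out.println("CAs trusted by this JDK: " + ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers().length);
    }
}
```

Only the genuine certificate verifies; the one with a swapped key and the one from an unlisted issuer are rejected. Revocation checking (CRL or OCSP) is a separate step that this sketch does not model.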
 