beer9
asked on
How HTTPS works?
As per my understanding.. Web server keeps the Private and Public key and distribute it's public key and all the clients who want to connect to it's web server.
So Web server uses it's private key for encrypt and decrypt the message to client.. whereas client uses *only* the public key of web server for encrypt and decrypt the message to web server.
I would like to know.. why client doesn't use it's own private key here? I believe in Public Key Infrastructure (PKI) both party needs to have their own private and public key pair to participate. Why the private key of client is missing here? Thanks!
So Web server uses it's private key for encrypt and decrypt the message to client.. whereas client uses *only* the public key of web server for encrypt and decrypt the message to web server.
I would like to know.. why client doesn't use it's own private key here? I believe in Public Key Infrastructure (PKI) both party needs to have their own private and public key pair to participate. Why the private key of client is missing here? Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In the web server and client interaction.. web server encrypt message with his private key which can only be decrypt using his public key and it is freely/openly available. So there is a chances that in man-in-the-middle attack hacker would capture the packet which web server sends to client and would able to decipher it using the public key of web server. So all the communication which web server sends to it's client is viewable by hacker.
So here the security is compromised, isn't it?