0

According to my current understanding of how https works, it seems to me that it shouldn't, because the client only has the public key which is meant for encrypting and not for decrypting, but when I checked it by sniffing the traffic of a website like Youtube (https) using wireshark, the package from the server to the client(my computer) also appeared as TLS, and therefore nothing from the HTML/JS/etc could be seen. Only encrypted hex.

So that's my first question. My second question is - if the answer to the first question is no, and I also want have the data that the client receives from the server to be encrypted in any way so that if someone stands in between, they couldn't observe the HTML that the client receives, would that be possible in anyway? A scenario would be that I have a secured page that shows the client passwords.

Clarifications on these matters will be very much appreciated.

FLUSHER
  • 257
  • 2
  • 12

1 Answers1

0

using HTTPS encrypts all the data communication between the server and client.

The same question has been asked here https://crypto.stackexchange.com/questions/32/how-can-ssl-secure-a-two-way-communication-with-only-one-key-pair

How Diffie-Hellman works, starts at 2:40 https://www.youtube.com/watch?v=YEBfamv-_do

You should read / watch videos on how HTTPS works.

https://www.youtube.com/watch?v=w0QbnxKRD0w

Sino Ka
  • 48
  • 2
  • 6
  • Well, that's good to hear, but what I still don't understand is how the client decrypts the data from the server. Does it use the public key for that? If so, then it doesn't quite make sense to me, because the public key is, well, public. So anyone eavesdropping could fetch and use it as well. – FLUSHER Oct 01 '17 at 13:13
  • this video explains the concept on how the client / server gets the key to decrypt / encrypt the data https://www.youtube.com/watch?v=YEBfamv-_do starts at 2:40 – Sino Ka Oct 01 '17 at 13:32
  • This video was so helpful! I finally got it. Thanks a lot mate – FLUSHER Oct 01 '17 at 17:53