5

I've just been doing a bit of wondering and learning, and I wanted to know how this works. I'm pretty sure I understand the concept of public/private key pairs, as I've gotten it to work with SSH, but I was wondering about HTTPS sites too. Where does my machine get the key pairs? Does Chrome automatically generate a new key pair every session? Is there one hidden on my machine I don't know about?

I could be getting this all wrong, but any help would be great. :)

Glen Takahashi

2 Answers

4

Browsers only generate key-pairs when the user needs to request a new (typically client) certificate. This is not necessarily related to SSL/TLS, but more of a convenience facility to issue certificates. This has nothing to do with day to day use of HTTPS. (Even if you are using a client-certificate, you only generate the key-pair when that certificate needs to be issued/renewed, typically once a year.)

The keys used for encryption are symmetric keys, negotiated during the handshake, where only the server certificate is required (for authenticated negotiation). You may find more details in this similar question: Can One Public Key be Used to Encrypt and Decrypt Data during the SSL Handshake?

Bruno
1

Yes, your browser generates only symmetric keys.

See http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame2.doc_5.1/ss7aumst18.htm

Luca
  • The link is broken. Could you please elaborate: does a browser generate a keypair for each request/session? Because this is a long process and needs good entropy. Or is there only one keypair, generated once and used for all websites? – Sergey Ponomarev May 15 '22 at 20:28