Edward Diener <el...@tropicsoft.com> writes: [...]
> In this last case I do not understand how the client can encrypt > data going to the server if it has no private key of its own. Each combination of algorithms that can be used when only one party has a key must provide some way to do this. When RSA is used and only one party has a private key, the party without the key (usually the client) generates a secret, then sends it to the server using its public key. The client knows the secret because it made it up. The server knows the secret because it can decrypt it with its private key. But an observer cannot figure out the secret, so it is secure. This secret is used as part of the key generation process, and the generated key can be used with a conventional symmetric cipher (like DES or AES) to communicate securely. Alternately, the Diffie-Hellman(-Merkle) key-exchange protocol can be used to establish a shared secret. See the Wikipedia entry: http://en.wikipedia.org/wiki/Diffie-Hellman These are the two most commonly used ways. [...] > For what books do I look to specifically understand how these > certificates work with public key-private key pairs ? SSL books ? > Cryptography public key-private key books ? For a general understanding of cryptography, I learned from Bruce Schneier's "Applied Cryptography". That provided enough basic background information to get me by for a number of years. Recently I'm having to understand more of the details, and I'm reading Eric Rescorla's "SSL and TLS: Designing and Building Secure Systems" to learn about the SSL protocol, and the O'Reilly book "Network Security with OpenSSL" to learn about the OpenSSL library and its API. Hope that helps! ----Scott. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org