Till now I haven’t really studied secure communication and I have some basic questions. Assume there is a browser(the client) and a server. From what I have understood, the server has both a public and a private key. The public key is known by everyone and the private key only by the server. So when the client sends a message to the server, it is encrypted with the public key of the server and only the server can decrypt it(cause only the server has the private key).
Now to my question: What happens when the server wants to send a message to the client? The server encrypts the message with its private key and the client decrypts it with the public key(it is known by everyone). So far so good. But if someone sniff the traffic, he can also decrypt the message, cause everyone knows the public key. How is it secure? I am sure I don’t understand something really basic here:(
Thanks in advance!
Best regards,
Petar
Secure communications involve not only encryption (which is actually the easy part) but also, and more importantly, authentication.
It is possible to establish encrypted communications between two parties without needing any keys exchanged beforehand (e.g. see Diffie–Hellman key exchange).
The hard part is making sure that whoever you are talking to is trustworthy. This is where public and private keys come in.
So the workflow goes somewhat like this: