Public key encryption

SSL relies on the concept of “public key cryptography”.

Public key encryption is a type of cryptographic system where each party has both a private and a public key, which are mathematically linked to each other. The public key is used for encrypting plaintext to “ciphertext” (essentially, gibberish), while the private key is used for decrypting that gibberish back into plaintext.

Once a message has been encrypted by a public key, it can only be decrypted with the corresponding private key. Neither key can perform both functions by itself. The public key can be published freely without compromising the security of the system, but the private key must not be revealed to anyone who isn’t authorized to decrypt messages.

How is this possible? Math!

One of the most common way this exchange is performed is by using a Diffie-Hellman key exchange. This process allows the client and server to agree upon a shared secret, without having to transmit that secret over the connection. Again, snoopers can’t determine the shared secret even if they’re watching every packet on the connection.