tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: encrypting a form's action URL with HTTPS link
Date Fri, 24 Oct 2003 13:42:58 GMT


On 10/23/2003 05:33 PM Punjabi, Naveen K wrote:
> Hello Adam,
> 	
> 	Well yes, in case of SSL (secure socket Layer) all your form
> content along with the page header will go in an encrypted format. If
> you want to know in detail how SSL works then here goes the entire
> explanation
> 
> 	SSL is based on the Public Key crypto system with following
> steps
> 
> 1. When you type an SSL URL, the browser sends a hello message to the
> server. 
> 2. The server then sends its own Certificate and a random nonce
> encrypted with its public Key.
> 3. The browser gets the Server certificate. Verifies it. Gets the public
> Key from the certificate and authenticates the server
> 4. The client then makes an MASTER KEY and encrypts it with the server
> public key. It sends its own certificate to the server. And also a nonce
> encrypted with its own public key.
> 5. Now server takes the client certificate. Verifies it. Gets the public
> key of client from the certificate and authenticates the client. 
> 6. Now the server knows the client public key, so it just decrypts the
> encrypted Master Key. this master key then becomes the secret key for
> further transactions between the client and server.

Thanks for the excellent run-down, Naveen.

regards
Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message