Hi,
I am new to OpenSSL and am trying to prepare some illustrative documentation on how it works.
AFAIK, OpenSSL uses the concept of a pair of keys per host: one is a private key which is never communicated to any other host, and the other is a public key which is transmitted to the peer (the other party). The client uses the public key of the server (contained in the server's certificate) to encrypt its communication, which can only be decrypted with the server's private key. Please correct me if I am wrong.
Now the question is: when the server sends data to the client, what key does it use for encryption? Does the client communicate its public key to the server (at some initial stage), which the server then uses for encryption? If yes, what if the client does not have a pair of public/private keys?
The question arises because it does not seem logical that the server would use its private key for encrypting data to be sent to the client. Otherwise, snoopers who might have picked up the public key could decrypt the data too.
Any help on clearing up the above points would be greatly appreciated.

Thank you & Regards
Manish Jain
invalid.poin...@gmail.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
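As an added illustration (not part of the original post, and not OpenSSL's own code), the Go sketch below models the RSA key exchange used by TLS up to version 1.2 and answers the question asked above: the server's public key protects only the client's randomly chosen premaster secret, both sides derive the same symmetric keys from it, and the server encrypts its records with the shared server_write_key rather than with its private key, so the client needs no key pair of its own. The derivation labels, the 32-byte premaster secret and the nonce layout are constructed simplifications of the real TLS key schedule.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
)

type Session struct{ ClientWrite, ServerWrite []byte } // like TLS client_write_key / server_write_key
// deriveSession is a constructed stand-in for the TLS key-derivation function: one key per direction.
func deriveSession(premaster []byte) Session {
	c := sha256.Sum256(append([]byte("client write:"), premaster...))
	s := sha256.Sum256(append([]byte("server write:"), premaster...))
	return Session{ClientWrite: c[:], ServerWrite: s[:]}
}
// ClientKeyExchange: the client picks a random premaster secret and encrypts it to the server's public key.
func ClientKeyExchange(serverPub *rsa.PublicKey) (Session, []byte, error) {
	premaster := make([]byte, 32)
	if _, err := rand.Read(premaster); err != nil {
		return Session{}, nil, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, premaster, nil)
	return deriveSession(premaster), enc, err
}
// ServerKeyExchange: only the private-key holder recovers the premaster secret; the client needs no key pair.
func ServerKeyExchange(serverPriv *rsa.PrivateKey, enc []byte) (Session, error) {
	premaster, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, enc, nil)
	return deriveSession(premaster), err // the Session is meaningless when err != nil
}
// record builds AES-256-GCM plus the nonce; as in TLS the nonce is the record sequence number, never reused per key.
func record(key []byte, seq uint64) (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(key) // deriveSession only ever yields valid 32-byte keys
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	binary.BigEndian.PutUint64(nonce[4:], seq)
	return gcm, nonce
}
// Seal protects application record seq under one directional key; Open reverses it with the same symmetric key.
func Seal(key []byte, seq uint64, plaintext []byte) []byte {
	gcm, nonce := record(key, seq)
	return gcm.Seal(nil, nonce, plaintext, nil)
}
func Open(key []byte, seq uint64, sealed []byte) ([]byte, error) {
	gcm, nonce := record(key, seq)
	return gcm.Open(nil, nonce, sealed, nil)
}
```

A snooper holding only the certificate's public key never sees the premaster secret, so the symmetric keys and every record in both directions stay opaque to it.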