Public key, private key explained
Hello,
I'm trying to understand how encryption and authentication work. I read that for the case of a web site and an SSL certificate, let's take the example of you buying from Amazon, there is a private key that only Amazon knows, and the Amazon.com public key that anyone can get. So you access https://www.amazon.com, the web site sends you its public key, and its web page encrypted using their private key. Using the public key, you know it came from Amazon and you can read the content of the HTML file. OK. But if between my computer and the Amazon servers, there is someone who sniffs the packets sent back and forth, he knows I'm visiting Amazon, he also knows the public key, and therefore, he can intercept HTML data and decrypt it using the public key, right? Then it's not secure. Or am I missing something? :)
