ATG 44: HTTPS and TLS Encryption Explained

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

@Leo should probably have specifically mentioned that the secret key agreement is done by a key agreement algorithm such as Diffie–Hellman key exchange.

The site certificate is signed with a private key, and includes the public key chain necessary to validate the certificate. (The key chain is signed by a hierarchy of keys up to a Certificate Authority the browser trusts.) Once it has verified the certificate, it can assume the site is who they say they are. After that, the key exchange occurs, to establish the session key. Once that completes, both sides have the same session key and that session key is used with symmetric cryptography until the session ends.
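The sequence the post above describes (key agreement, then one session key used symmetrically by both sides), as an added example that is not part of the original thread. It assumes certificate validation has already succeeded, uses a toy Diffie-Hellman group that is far too weak for real use, and substitutes an HMAC tag for the record cipher; all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy parameters (assumption, illustration only): P = 2**127 - 1 is prime but
# far too small and too smooth for real use; TLS uses groups such as X25519.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value); only the public value is sent."""
    while True:
        priv = secrets.randbelow(P - 3) + 2
        pub = pow(G, priv, P)
        if 1 < pub < P - 1:
            return priv, pub

def shared_secret(my_priv, peer_pub):
    """Compute G^(a*b) mod P from our private exponent and the peer's public value."""
    if not 1 < peer_pub < P - 1:  # reject degenerate values (0, 1, P-1)
        raise ValueError("invalid peer public value")
    return pow(peer_pub, my_priv, P).to_bytes(16, "big")

def session_key(secret, client_pub, server_pub):
    """HKDF-SHA256 (RFC 5869, one output block), bound to both public values."""
    info = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()   # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()   # expand

def seal(key, record):
    """Stand-in for the symmetric record layer: append an HMAC tag (no encryption)."""
    return record + hmac.new(key, record, hashlib.sha256).digest()

def open_record(key, sealed):
    """Verify the tag in constant time and return the record, or raise."""
    record, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, record, hashlib.sha256).digest()):
        raise ValueError("bad tag: record was not produced with this session key")
    return record

def handshake():
    """Run both sides; return (client_key, server_key, values visible on the wire)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    c_key = session_key(shared_secret(c_priv, s_pub), c_pub, s_pub)
    s_key = session_key(shared_secret(s_priv, c_pub), c_pub, s_pub)
    return c_key, s_key, (c_pub, s_pub)

if __name__ == "__main__":
    ck, sk, wire = handshake()
    print("keys match:", ck == sk, open_record(sk, seal(ck, b"GET / HTTP/1.1")))
```

Each call to `handshake()` uses fresh private exponents, so every session gets a different key even though only the two public values cross the wire.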