Understanding the HTTPS Process for Security+

When studying for the CompTIA Security+ exam, you’ll come across some cryptography objectives. One thing that confuses many people is how SSL works with HTTPS.

I’ve broken it down into the following steps, with a diagram at the end that may help you understand it a little better.

  1. The client starts the session by clicking on the link.
  2. The server responds by sending a certificate. The certificate includes the server’s public key that is part of a matched private/public key pair. The private key is always kept private by the server.
  3. The client creates a random session key and encrypts the session key with the server’s public key. In the figure, the encrypted session key is UcaNP@$$.
  4. The client then sends the encrypted session key to the server.
  5. The server decrypts the session key with the server’s private key.
  6. The rest of the session uses the symmetric session key.

[Figure: Understanding the HTTPS Process for Security+ (client/server diagram of the six steps above)]
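The six steps above played out by one program, as an added example that is not part of the original post: the server’s freshly generated RSA key pair stands in for the certificate, the client wraps a random session key with the public key, the server unwraps it with its private key, and the rest of the exchange uses that symmetric key (AES-GCM here, chosen for the example). This is the RSA key-transport handshake of SSL and TLS up to 1.2; TLS 1.3 removed it in favour of ephemeral Diffie-Hellman, so the server’s key pair still authenticates the server but no longer carries the session key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// RunHandshake plays both client and server for steps 2 to 6 and returns true when the
// server recovers the client's session key and a record sealed under it opens back to msg.
func RunHandshake(msg []byte) (bool, error) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048) // step 2: only the public half is sent (in the cert)
	if err != nil {
		return false, err
	}
	// Steps 3-4: the client picks a random 256-bit session key, encrypts it with the
	// server's public key (RSA-OAEP), and sends only the wrapped copy.
	clientKey := make([]byte, 32)
	if _, err := rand.Read(clientKey); err != nil {
		return false, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverPriv.PublicKey, clientKey, nil)
	if err != nil {
		return false, err
	}
	// Step 5: only the matching private key can unwrap the session key.
	serverKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, nil)
	if err != nil || string(serverKey) != string(clientKey) {
		return false, err
	}
	// Step 6: the rest of the session is symmetric (AES-256-GCM in this example).
	block, err := aes.NewCipher(serverKey)
	if err != nil {
		return false, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return false, err
	}
	nonce := make([]byte, aead.NonceSize()) // record sequence number 0; the key is fresh per handshake
	got, err := aead.Open(nil, nonce, aead.Seal(nil, nonce, msg, nil), nil)
	return err == nil && string(got) == string(msg), err
}

func main() {
	ok, err := RunHandshake([]byte("GET / HTTP/1.1")) // constructed sample request
	fmt.Println("session key agreed and record round-tripped:", ok, err)
}
```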

Can You Answer These Security+ questions?

  • Question: What asymmetric key is used to encrypt when creating a secure web session?
  • Question: What asymmetric key is used to decrypt when creating a secure web session?
  • Question: What key is used to encrypt a secure web session?

You can find more details on cryptography in chapter 10 of this book:

If you just want some practice test questions to check your readiness for the Security+ exam, check out this book available in paperback and Kindle versions.

Security+ Practice Test Answers

Question: What asymmetric key is used to encrypt when using HTTPS?
Answer: The web site’s public key.

Question: What asymmetric key is used to decrypt when using HTTPS?
Answer: The web site’s private key.

Question: What key is used to encrypt an HTTPS session?
Answer: Symmetric

While it isn’t a cryptography topic as such, you should also know which ports HTTP and HTTPS use: HTTP uses port 80 and HTTPS uses port 443.

HTH,

Darril Gibson

About Darril

Darril Gibson has authored, coauthored, and contributed to more than 30 books including the top selling CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (http://amzn.to/TBFHYd). He holds many current IT certifications including A+, Network+, Security+, CTT+, CASP, SSCP, CISSP, MCT, MCITP, MCSA, MCSE, and more. He has recently released a new book providing simple steps anyone can use to achieve success in their lives: "You Can Do Anything - Three Simple Steps to Success for Graduates" (http://amzn.to/VRMev3). Darril actively writes, teaches, and consults on a wide variety of IT topics.