Public Key Encryption

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Your Web server's SSL security feature uses public key encryption to shield the session key from interception while it travels from the browser to the server. Public key encryption uses a mathematically related pair of keys: a public key, which is distributed in the server's certificate and which anyone can use to encrypt data, and a private key, which stays on the server and is the only key that can decrypt that data. An eavesdropper who captures the certificate gains nothing, because the public key cannot undo its own encryption.

Figure 5.6 shows how public key encryption works, and the steps that follow describe the process in more detail.

Figure 5.6   Public Key Encryption

  1. The user's Web browser establishes a communication link with your Web server by requesting a URL that uses the https:// scheme (HTTP over SSL, which by default connects to TCP port 443 instead of port 80).

  2. The user's Web browser and your server negotiate the SSL version and cipher suite they will use: the browser offers the cipher suites it supports, and the server selects one of them. The cipher suite determines the encryption algorithm and key length that protect the session.

  3. Your server sends the browser its certificate, which includes the server's public key. The browser checks that the certificate was issued by a certification authority it trusts, has not expired, and names the server it connected to. If any check fails, the browser warns the user, because an attacker who could substitute a certificate of their own would otherwise receive the session key in the next step.

  4. The user's Web browser generates a random session key, encrypts it with the server's public key, and sends it to your server. (In the SSL protocol itself the browser sends a random premaster secret from which both sides derive the session keys; the protection is the same, since only the private key can unwrap it.)

  5. Using the private key, your server decrypts the message and retrieves the session key sent by the Web browser.

  6. Your Web server and the browser both use the session key to encrypt and decrypt the data they exchange for the rest of the session. This bulk traffic uses symmetric encryption, which is far faster than public key encryption; public key encryption is used only to protect the session key itself.
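Steps 3 through 6 above, as an added example that is not part of the original page or of IIS. This Go program (standard library only) models the two parties: a Browser that verifies the server's certificate, generates a session key and encrypts it to the certificate's RSA public key, and a Server that recovers the key with its private key; both sides then protect a request with AES-GCM under that key. Steps 1 and 2 (the connection and cipher-suite negotiation) are not modeled. The type and function names, the host name www.example.com, and the self-signed certificate (standing in for one issued by a certification authority) are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

type Server struct {
	priv    *rsa.PrivateKey // never leaves the server
	certDER []byte          // sent to the browser in step 3
	session []byte          // recovered in step 5
}

type Browser struct {
	roots   *x509.CertPool // certificates the browser trusts
	session []byte         // generated in step 4
}

// NewServer makes the server's RSA key pair and a certificate binding the public key to host
// (self-signed here for illustration; a real one is issued by a CA the browser already trusts).
func NewServer(host string) (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host}, // browsers match the host against the SAN, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv, certDER: der}, nil
}

// ClientKeyExchange is step 4. The browser first checks that the certificate chains to a trusted
// root and names the host it connected to; skip that, and an interceptor could substitute their own.
func (b *Browser) ClientKeyExchange(certDER []byte, host string) ([]byte, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: b.roots, DNSName: host}); err != nil {
		return nil, fmt.Errorf("untrusted server certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate key is %T, not RSA", cert.PublicKey)
	}
	b.session = make([]byte, 32) // 256-bit AES session key
	if _, err := rand.Read(b.session); err != nil {
		return nil, err
	}
	// RSAES-PKCS1-v1_5 is the padding the SSL/TLS RSA key exchange uses for this message.
	return rsa.EncryptPKCS1v15(rand.Reader, pub, b.session)
}

// newGCM builds the symmetric cipher each side uses in step 6 from its own copy of the key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Handshake runs steps 3 to 6 and returns the request as the server decrypted it.
func Handshake(b *Browser, s *Server, host string, request []byte) ([]byte, error) {
	encKey, err := b.ClientKeyExchange(s.certDER, host)
	if err != nil {
		return nil, err
	}
	// Step 5: only the holder of the private key can undo the browser's encryption.
	if s.session, err = rsa.DecryptPKCS1v15(rand.Reader, s.priv, encKey); err != nil {
		return nil, err
	}
	browserSide, err := newGCM(b.session)
	if err != nil {
		return nil, err
	}
	serverSide, err := newGCM(s.session)
	if err != nil {
		return nil, err
	}
	// Step 6: AES-GCM record, nonce prepended. The nonce is the record sequence number (0 here),
	// as in TLS; that is safe only because the key is fresh for this session.
	nonce := make([]byte, browserSide.NonceSize())
	record := browserSide.Seal(nonce, nonce, request, nil)
	return serverSide.Open(nil, record[:len(nonce)], record[len(nonce):], nil)
}
```

A Browser whose roots pool does not contain the certificate, or a host name the certificate does not list, makes ClientKeyExchange fail before any session key is generated; that refusal is the check that defeats certificate substitution, and it is why the browser's trust store matters as much as the server's private key. Open fails with an authentication error if the server's recovered key differs from the browser's in any bit, so a successful Handshake proves the two copies match.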

The private key is what keeps the whole exchange secure. Anyone who obtains it can decrypt every session key sent to that server, and therefore can read the traffic of any session they recorded while the key was in use, not only sessions that take place after the theft. Take every reasonable precaution to protect the private key from loss or theft: restrict who can administer the server and who can export its certificate, and export the key to backup media only with a strong password and under tight physical control. If you suspect that your private key has been compromised, notify your certification authority so that the compromised certificate can be revoked, and then use the Web Server Certificate Wizard to create a new certificate request so you can obtain a new server certificate. The new request generates a new key pair; do not reuse the compromised key.