问题
Does private key is required on web server during SSL communication? I've read:
In SSL, each party calculates the secret key individually using random values known to each side. The parties then send messages encrypted using the secret key
and
The private key is a randomly generated key for the session and is not stored.
Above quotations relate Oracle Application Server SSL communication, but I think it should concern general SSL communication. Could you explain, what is role of private key (so far I think private key is required on web server during SSL).
回答1:
Yes, the private key is required during the SSL handshake as it is used to prove that the server is indeed the owner of the Public Key of the deployed certificate.
But the Public/Private key pair are not used for encryption of the application messages. They are used only in the handshake which creates in the process a shared key by cryptographic parameters transmitted to the client in order to calculate it and used for the symmetric encryption of data after the handshake completes succesfully.
来源:https://stackoverflow.com/questions/12664913/is-private-key-required-on-web-server-during-ssl-communication