Why HTTPS Matters: Understanding Symmetric & Asymmetric Encryption

1. Why HTTPS is Needed

Before HTTPS, all requests were sent in plaintext, so anyone who could eavesdrop or capture packets could read the communication. Encrypting the data protects it; encryption can be symmetric or asymmetric.

2. Symmetric Encryption

Symmetric encryption uses the same key for encryption and decryption. Since the client and server do not share a secret key beforehand, the key must be transmitted, which can be intercepted, making pure symmetric encryption insecure.

3. Asymmetric Encryption

Asymmetric encryption uses a pair of keys: one for encryption, the other for decryption. The server can publish a public key, but an attacker can also obtain it, so encrypting data with the public key alone does not protect the transmission of the key itself. Only the server’s private key remains secret.

4. Key Transmission Process

The process of securely delivering the symmetric key (A) to the other party is illustrated below.

5. Why HTTPS Is Reliable

HTTPS solves three main problems:

Encrypted communication prevents anyone who intercepts the data from reconstructing the original information.

It blocks man‑in‑the‑middle attacks because the server provides a CA certificate that the client can verify.

The CA certificate’s public key is built into operating systems and browsers; only the CA’s private key can sign a valid certificate, ensuring the certificate’s authenticity.

6. Role of Keys

A recap of the purpose of each key used in HTTPS is shown below.

Reference: 【web安全3】【硬核】HTTPS原理全解析 (https://www.bilibili.com/video/BV1w4411m7GL)