The philosophy behind the 'secure' SSL connection or The Postman Always Rings Twice
Maybe you have asked yourself, how a 'secure, encrypted connection' to your bank could be built up, when no passwords or keys were exchanged before?
Imagine a travel suitcase with two locks. Now you have a postman, who transports this from you (point A) to somebody else (point B). And you don't want the postman have a look into your box. How can you do that without having to hand over the keys? Letting the postman transporting box and keys at the same time won't do!??
You begin with locking your box with a single lock. The 'private key' to this lock you put into your pocket.
Now, you're handing over the box to the postman. He carries the locked box to point B.
The other person, the receiver, now locks the box with a second lock, also keeping his 'private key' in his pocket.
Now, the postman carries the box back to A, knocking on your door the second time. In his hands: The same box - double locked.
Now you remove your lock with your 'private key', putting lock and key into your pocket.
The postman now carries this box, just again 'single locked', but still locked, content invisible, inaccessible for the postman, back to B.
The postman knocking the second time on B's door, bringing the box, which indeed, still is locked - but no problem - B can open the box, since it's his own lock, he posesses the key for!
So lets summarize: The box was locked all the time, it was transported. The postman so had no chance to have a look into. Surprisingly, no key had to be transported.
You (A) and the receiver (B), often called "Alice" and "Bert" in cryptographic papers, never had to hand over the keys to the postman. You had them - all the time - in your own pocket.
Isn't that just amazing?? Just by transporting the double lock box two times back-and-forth, the need to reveal the key (handing over a key to the postman) simply becomes - void.
This is the core idea behind any 'public key' mechanism!
Imagine, US patent office would allow to patent such simple mechanisms, forcing the world to pay billions of $$$ license fees!!!
Now to the mechanism, how to emulate this suitcase with two locks.
From math you might know, that factoring a product of two primes, a 'decomposition' takes long. Testing a long random number for being prime, is easy, see Wikipedia. So you easily might generate long primes and multiply them, without another person to give a chance to split them up again. How can Alice and Bert now use this for emulating a suitcase with two locks?
Alice constructs a long prime (p) and a second long one (q). Alice now sends the product of these two primes to Bert:
A -> (p*q) -> B
Bert also constructs two long primes (v) and (w) and multiplying them (v*w). Bert, having received (p*q), so multiplies (p*q) with v and w, sends this back to Alice:
B -> (p*q*v*w) -> A
Alice now removes p (the first prime) by dividing the product (p*q*v*w) by p and sends it back to Bert:
A -> (q*v*w) -> B
Bert, of course knowing v and w, can divide (q*v*w) by v and w and now has - q!!!
q is the 'secret' prime now, with which Alice and Bert can encrypt their whole (SSL/SSH/...) traffic!!
Lets see, what 'the postman' saw:
The product of (p and q). No chance for him to reconstruct either p or q. The product (p,q,v,w) -> no chance to reconstruct v or w. The product (q,v,w) -> still no chance to reconstruct q.
The core idea behind is a simple regrouping of just 4 primes:
(p x q) x (v x w) becomes regrouped to p x (q x v) x w.
That's all you can know about SSL and 'asymetric key encryption':
Just two simple core ideas from 7th class math: A suitcase with two locks and a regrouping of four primes!