Asymmetric Encryption
https://stackoverflow.com/questions/3603714
-
25-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have an exam tomorrow in Advanced Development, but I am stuck on the topic of Encryption. I have read up on it at http://support.microsoft.com/kb/246071. However I am still confused.
If a message is encrypted using Asymmetric Encryption, using the public key, how is the decryptor going to know the private key with which to decrypt it? Surely the only way to do this is to make the private key public, but that defeats the object of Asymmetric Encryption.
Can someone please explain this in a way that a non-techie would be able to understand it? Its only Asymmetric Encryption I dont understand, not Symmetric Encryption. Thanks in advance.
Regards,
Richard
Edit: So to sum up all the answers in the case of a web application (the specific use for which I need to know about this):
- User visits a website;
- User is requested to provide a public key;
- User creates public and private key-pair, keep the private one private and sends back the public key to the server;
- Server uses the public key to encrypt anything which needs to be sent to the user and sends the information to the user;
- User uses his / her private key to decrypt the response from the server;
- User does what they need to and sends back a response to the server, using the private key to encrypt it;
- Server decrypts using the public key. Steps 4 - 7 may continue many times, or they may only happen once, or only 4 and 5 may occur.
Is this all correct? If so then it should be all I need to know for the exam. I shouldnt think I would need to know any more to get the maximum 40% should a question on this subject come up - will mention the existence of certificates and signatures though.
Thank you for all the help.
Regards,
Richard
Edit: Well I have just got back from my exam and it went fairly ok I think. But no question on cryptography came up, however... The help was appreciated anyway. Thanks all.
Regards,
Richard
Solution
Alice creates her Private Key + Public Key. She keeps her Private Key private. She makes her Public Key public.
Bob takes Alice's Public Key (he should first verify, that it's really Alice's Public Key!), and uses it to encrypt a message, which he sends to Alice.
Alice can decrypt the message using her Private Key.
OTHER TIPS
A private key is meant to be known only by its legitimate user and not distributed. Its counterpart, the public key, may be distributed to anyone.
Based on this, you can get 4 operations:
- encrypt using the public key
- decrypt using the private key
- sign using the private key
- verify the signature using the public key
The next problem you may encounter is the binding of an identity to a public key (as you wouldn't want to encrypt something with or trust something signed with the public key of an impostor). There are various models of public key distributions. Typically, you can have:
- a web of trust, where people sign each other's association between the public key and the identity: this is typically the PGP model.
- a public key infrastructure (PKI) where you get certification authorities to produce certificates, often with intermediates, in a tree-like hierarchy. (PGP can use this model too, but this seems less common.)
Others have provided a "generic" description and I'll go deeper into the real-life side.
Most modern asymmetric encryption standards operate not with raw public and private keys, but with more complex wrappers, such as X.509 certificates or OpenPGP keys (these are two most popular asymmetric encryption infrastructures today). Both certificates and OpenPGP keys contain extra information that lets them be easily identified, searched for and managed.
Now, the encrypted data block usually includes the public part (i.e. the certificate or public OpenPGP key) used for encryption, or at least the ID (hash of this public part). The recipient of the data usually has (or is supposed to have) both public and private parts (private keys are usually kept together with certificates or public openpgp keys) at hand. So when the recipient receives the encrypted data, he knows that he needs to look his private key storage for public part with given ID (or for given public part when it's included into the encrypted data).
There exist cases when nothing is included. Then the recipient has nothing to do but try all available private keys for decryption. But such cases are rare as by default the certificate or key id are present in the encrypted data block.
The public key is provided to the "encryptor" by the "decryptor", therefore, by definition, the "decryptor" knows the private key (because it is part of the key pair created by the "decryptor".
Let's say "decryptor" = D, and "encryptor" = E.
D previously sent his public key to E, so E can encrypt the mesage. Because only D knows his own private key, only D will know how to decrypt the message E just sent him (remember: one key is used to encrypt, the other to decrypt). In this way, you get privacy.
