Shark_M wrote:
rheaney wrote: If you want to know more about public/private keys and digital signatures, I suggest you pick up "Invitation to Cryptology" from Amazon (or somewhere else). It takes you through it all, and although it's a bit pricey, it does quite a good job of explaining the process in detail.
Thanks, I will look into that.
But in the meantime, can you give me a general idea as to how private/public keys work? Why is the public key public, while the private key is private? How is the public key used, and by what side, and what about the client? Is it wise to have public keys?
What is better than public/private keys? I mean, Master Secret key was old, and public/private keys came after it to replace it. I am wondering if public/private keys are replaced by something newer?
thanks again
I'll have a go at explaining this. Not sure how well I'll do.
Up until the 1970s all encryption was done using symmetric key techniques, which is basically where the two people wanting to send secret messages have a shared secret key that only they know, and encrypt and decrypt using the same key ( hence symmetric ).
The obvious problem here is that the secret key needs to be transferred between the people wanting to exchange messages, and this has to be done out of band from the normal message transfer. It's this key exchange problem that public key cryptography solves, and which was why it was such a significant breakthrough when it was discovered in the late 70s.
The basic assumption behind public key crypto is that there exist mathematical functions that are one-way; things that are easy to do in one direction, but extremely difficult to do in the other. The canonical example is factoring large numbers ( which forms the basis of the RSA cryptosystem ).
So given a number 1457 say, it is hard for me to tell you what all the factors are. But if I give you the numbers 31 and 47, it is easy for you to multiply those numbers together to get 1457. Obviously this wouldn't fool a computer for long as it could simply try all possible factors, but make the numbers big enough ...
Once you accept the assumption that factoring is hard, and multiplying is easy, you can build a simple crypto system around it. Continuing the toy number example...
Call 1457 your public key and publish it to the world.
Keep 31 secret ( this is your private key ).
Destroy 47.
Now even though everyone can read your public key, they can't derive your private key because factoring 1457 is too hard.
Now with a bit more mathematical trickery you can arrange it so that messages encrypted with the public key can only be decrypted by the private key, and messages encrypted with the private key can only be decrypted with the public key. This forms the basis of how all public key crypto systems work ( with different choices of one-way function ).
So, to encrypt data for someone so that only they can read it I encrypt with their public key ( which I and everyone else knows ), and this guarantees confidentiality since I know only they know their private key and can decrypt it.
Similarly to sign something, I encrypt it with my private key. Everyone can decrypt this, but because only I know my private key only I could have done the initial encryption. This is what makes digital signatures work - if you can successfully decrypt a message sent from me, you know no-one has tampered with it on the way. Also I can't easily say that I didn't sign it ( since only I can... ) so you get both integrity and a degree of non-repudiation ( provided you can prove the public key is mine ).
Asymmetric crypto doesn't replace symmetric crypto, it complements it and helps you solve a wider set of problems. One issue is that asymmetric crypto is about 1000x slower than symmetric crypto, so you can't use it for bulk operations. A typical use is to establish a shared secret so that we can use symmetric crypto to pass a series of messages. A very simple ( and easily attacked ) protocol to do this could be:
I choose a secret key, and encrypt it in your public key. I now know that only you can decrypt it. I then sign the encrypted package using my private key and send it to you.
You check the signature on the data, and confirm it comes from me. Then you decrypt the package to get the shared secret key. We can now use this key to bulk encrypt messages.
It's a big subject though, so this is probably all miles off what you were really after knowing
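The simple key-transport exchange described in the post above, as an added example that is not part of the original thread. It assumes textbook RSA (the private key is an exponent derived from the two factors), the post's toy primes 31 and 47 for the recipient, and a constructed second pair 61 and 53 for the sender, with exponents 7 and 17 chosen for illustration; there is no padding or hashing, so it shows the mechanics only.

```python
# Toy textbook RSA with tiny primes: illustrates the exchange, not a usable scheme.

def make_keypair(p, q, e):
    """Build ((n, e), (n, d)) from two primes and a public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # easy with p and q; from n alone it requires factoring n
    return (n, e), (n, d)

def rsa_apply(key, m):
    """m ** exponent mod n: the one operation behind encrypt, decrypt, sign, verify."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)

def send_secret(secret, recipient_pub, sender_priv):
    """Sender: encrypt the shared secret for the recipient, then sign the package."""
    package = rsa_apply(recipient_pub, secret)    # only the recipient can open this
    signature = rsa_apply(sender_priv, package)   # only the sender could produce this
    return package, signature

def receive_secret(package, signature, sender_pub, recipient_priv):
    """Recipient: check the signature first, then decrypt the package."""
    if rsa_apply(sender_pub, signature) != package:
        raise ValueError("signature check failed: package altered or wrong sender")
    return rsa_apply(recipient_priv, package)

# Constructed toy keys (assumptions for this example).
YOU_PUB, YOU_PRIV = make_keypair(31, 47, 7)   # n = 1457, the post's toy number
ME_PUB, ME_PRIV = make_keypair(61, 53, 17)    # n = 3233, larger so the package fits

def demo():
    """Run the exchange once, then again with the package modified in transit."""
    package, signature = send_secret(42, YOU_PUB, ME_PRIV)
    recovered = receive_secret(package, signature, ME_PUB, YOU_PRIV)
    try:
        receive_secret(package + 1, signature, ME_PUB, YOU_PRIV)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return recovered, tamper_detected

if __name__ == "__main__":
    print(demo())
```

The recovered value would then serve as the shared symmetric key for the bulk messages.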