Re: Basic Questions about PKI

From: Michael Sconzo (
Date: 10/08/03

    To: "Roger A. Grimes" <>, <>
    Date: Wed, 8 Oct 2003 10:48:18 -0500

    Sorry, if I seem a bit blunt, but I didn't think people wanted a
    rant/dissertation/etc... on PKI :)
    If I miss anything or made some errors (gross or otherwise) by all means let
    me/the list know, thanks.

    > Can someone that knows PKI cold confirm my knowledge of PKI?
    > Here's what I think I know about PKI (accurate or not I'm not sure):
    > a. People ENCRYPT messages to me with my PUBLIC key and send the
    > message to me, and only I can open the encrypted message...because ONLY my
    > PRIVATE key can decrypt messages encrypted with my PUBLIC key.


    > b. If I want to SIGN a message, I use my private key to sign the message
    > digest (ENCRYPTING the hash result). The receiver who wants to rely on my
    > signed message uses my PUBLIC key to DECRYPT my encrypted message digest.

    Yup, however a very important thing to remember is to always sign before you
    seal (encrypt).

    > c. Both private and public keys can decrypt, and both private and public
    > keys can encrypt. It just depends on the situation of what we use when.

    Yup, they are both just numbers, 1s & 0s etc ... However, it is 'hard' to
    get a private key from a public key, but the reverse is not true. This is
    why not distributing your private key is important.

    > Is that logic correct?
    > Could we encrypt messages that we want to send to others with our private
    > key (but don't because if we did anyone with our public key could read)
    > seemingly private message?

    This is the basis for signing; a digital signature is when you 'encrypt' the
    message with your private key...since everybody has your public key it is
    trivial for them to 'decrypt' (verify that it came from you). It would be
    silly to waste the computing power to 'encrypt' something when everybody can
    read it.

    If you are looking for a good book about crypto, I would HIGHLY recommend
    "Handbook of Applied Cryptography" by Menezes, van Oorschot and Vanstone.

    > Roger
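
Points (a) to (c) and the signing discussion above, as an added example that is not part of the original message: textbook RSA in Python with a constructed toy key and no padding, showing that "encrypt" and "decrypt" are the same modular exponentiation with different exponents, and that a signature is the private-key operation applied to the message digest. The primes, function names and sample messages are assumptions chosen for illustration; real systems use large keys and padding schemes such as OAEP and PSS.

```python
import hashlib

# Constructed toy key: two Mersenne primes, textbook RSA, no padding.
# Far too small and too simple for real use; it only shows the arithmetic.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, inverse of E

def apply_key(value: int, exponent: int) -> int:
    """The single RSA operation; the exponent decides which key is used."""
    if not 0 <= value < N:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, N)

def seal(value: int) -> int:
    """Point (a): anyone seals with the PUBLIC exponent."""
    return apply_key(value, E)

def open_sealed(ciphertext: int) -> int:
    """Point (a): only the PRIVATE exponent opens it again."""
    return apply_key(ciphertext, D)

def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Point (b): the PRIVATE exponent is applied to the digest."""
    return apply_key(digest(message), D)

def verify(message: bytes, signature: int) -> bool:
    """Point (b): the PUBLIC exponent undoes it; compare with a fresh digest."""
    return apply_key(signature, E) == digest(message)

if __name__ == "__main__":
    m = int.from_bytes(b"hi Roger", "big")         # constructed sample message
    print("sealed then opened:", open_sealed(seal(m)) == m)
    # Point (c): private-then-public also round-trips, so a message
    # 'encrypted' with the private key is readable by every public-key holder.
    print("private then public:", apply_key(apply_key(m, D), E) == m)
    sig = sign(b"pay Bob 10")
    print("signature verifies:", verify(b"pay Bob 10", sig))
    print("tampered message verifies:", verify(b"pay Bob 99", sig))
```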


