[OT] Re: Basic question about Public Private Key Pairs

From: Michael Voss (michaelREMOVE.CAPSvoss_at_lvrREMOVE.CAPSde)
Date: 05/13/05

    Date: Fri, 13 May 2005 11:00:24 +0200
    
    

    Sahil Malik wrote:

    > Public Private Key Pairs - How do they work?
    > -----------------------------------------------
    >
    > I was looking at a presentation recently in which it was suggested that -
    >
    > User 1 Encrypts a message using User 2's Public Key.
    > User 2 Decrypts the transmission using his Private Key to get the original
    > message.
    >
    > Is the above correct?
    > Comment #1: The above seems to suggest that Public keys allow me to encrypt,
    > and private keys allow me to decrypt, but vice versa is not possible (or the
    > above wouldn't be secure)

    You own a key pair: a public key and a corresponding private key.
    Public keys are available to the public (hence "Public" key, published on the
    internet or similar). The corresponding private key is not published; you
    keep it in a secure location. You can encrypt something with each key; it
    can be decrypted with the other key of the key pair only.

    So if someone encrypts something with your public key this ensures it can be
    decrypted with your private key only. Since the only person knowing your
    private key is you, the only person to decrypt whatever was encrypted is
    you. This ensures that no one else is able to read messages encrypted with
    your public key. So the above is correct.

    >
    > If it is, then a subsequent slide shows the following for digital
    > signatures
    >
    > User1 creates a hash digest.
    > User1 uses his private key to encrypt the digest to create a digital
    > signature
    > The digital signature + the original message go to user 2
    > User2 segregates the digital signature and message.
    > User 2 creates hash of the message
    > User2 decrypts the encrypted hash using User1's public key, if this equals
    > the hash calculated in the previous step - then the message has not been
    > tampered with.
    >
    > Is the above correct?
    > Comment #2: This seems to suggest that Public keys allow me to decrypt, but
    > vice versa is not possible (or the signature would not work).
    >

    Why shouldn't it be possible to encrypt with your public key and decrypt
    with your private key?

    As stated above, something encrypted with any key of a public/private key
    pair can be decrypted with the other key of the pair only.
    You create a hash value for your message and encrypt it with your public
    key. This hash can be decrypted by everyone with your public key only. If
    the (decrypted) hash equals the (newly calculated) message hash, this
    indicates that
    1.) the message has not been altered
    2.) the key used for decryption is the other key of the key pair the hash
    was encrypted with, so the message is confirmed to be encrypted by you.

    > .. QUESTION ...
    > How can both Comment #1 and Comment #2 hold true? What am I missing?

    Encrypting with a private key makes sure the message originates from you
    since it (or a corresponding hash) can only be encrypted with "your"
    (published) public key, this is a signature. The message can be read by
    everyone.

    Encrypting with a public key makes sure the message can only be read by the
    owner of the corresponding private key. This makes it a secret message.

    If you want to make sure only the intended receiver of a message can read
    the message and the receiver can ensure that you are the origin of the
    message, you would encrypt the message with the receiver's public key (can be
    decrypted by the intended receiver with his private key only) and you would
    encrypt the message's hash value with your private key, making sure the
    receiver can encrypt it with your public key and compare it with the newly
    calculated hash, so he knows it was sent by you and has not been altered.

    hth
    Michael
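
The combined exchange from the last paragraph of the message (encrypt for the receiver, sign the hash as the sender), as an added example that is not part of the original post. It assumes textbook RSA without padding over small constructed primes, which shows the key roles only; all function names are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (constructed, far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def digest_int(message, n):
    """SHA-256 digest as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest_int(message, n), d, n)  # private-key operation on the hash

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)  # recompute and compare

def encrypt(message, public):
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext, private, length):
    n, d = private
    return pow(ciphertext, d, n).to_bytes(length, "big")

def exchange():
    # Constructed keys: Mersenne primes keep the example short and offline.
    user1_pub, user1_priv = make_keypair(2**61 - 1, 2**89 - 1)    # sender
    user2_pub, user2_priv = make_keypair(2**107 - 1, 2**127 - 1)  # receiver
    message = b"meet at noon"  # constructed sample message
    ciphertext = encrypt(message, user2_pub)  # only User 2 can read it
    signature = sign(message, user1_priv)     # only User 1 can produce it
    # User 2's side: decrypt with own private key, check with User 1's public key.
    plaintext = decrypt(ciphertext, user2_priv, len(message))
    return {
        "plaintext": plaintext,
        "signature_ok": verify(plaintext, signature, user1_pub),
        "tampered_ok": verify(b"meet at nine", signature, user1_pub),
        "wrong_key_ok": verify(plaintext, signature, user2_pub),
    }

if __name__ == "__main__":
    print(exchange())
```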

