[OT] Re: Basic question about Public Private Key Pairs
From: Michael Voss (michaelREMOVE.CAPSvoss_at_lvrREMOVE.CAPSde)
Date: Fri, 13 May 2005 11:00:24 +0200
Sahil Malik wrote:
> Public Private Key Pairs - How do they work?
> I was looking at a presentation recently in which it was suggested that -
> User 1 Encrypts a message using User 2's Public Key.
> User 2 Decrypts the transmission using his Private Key to get the orignal
> Is the above correct?
> Comment #1: The above seems to suggest that Public keys allow me to
> and private keys allow me to decrypt, but vice versa is not possible (or
> above wouldn't be secure)
You own a key pair: a public key and a corresponding private key.
Public keys are available to public (hence "Public" key, published on the
internet or similar). The corresponding private key is not published; you
keep it in a secure location. You can encrypt something with each key; it
can be decrypted with the other key of the key pair only.
So if someone encrypts something with your public key this ensures it can be
decrypted with your private key only. Since the only person knowing your
private key is you, the only person to decrypt whatever was encrypted is
you. This ensures that no one else is able to read messages encrypted with
your public key. So the above is correct.
> If it is, then a subsequent slide shows the following for digital
> User1 creates a hash digest.
> User1 uses his private key to encrypt the digest to create a digital
> The digital signature + the original message go to user 2
> User2 segregates the digital signature and message.
> User 2 creates hash of the message
> User2 decrypts the encrypted hash using User1's public key, if this equals
> the hash calculated in the previous step - then the message has been not
> tampered with.
> Is the above correct?
> Comment #2: This seems to suggest that Public keys allow me to decrypt,
> vice versa is not possible (or the signature would not work).
Why shouldn't it be possible to encrypt with your public key and decrypt
with your private key ?
As stated above, something encrypted with any key of a public/private key
pair can be decrypted with the other key of the pair only.
You create a hash value for your message and encrypt it with your public
key. This hash can be decrypted by everyone with your public key only. If
the (decrypted) hash equals the (newly calculated) message hash, this
1.) the message has not been altered
2.) the key used for decryption is the other key of the key pair the hash
was encrypted with, so the message is confirmed to be encrypted by you.
> .. QUESTION ...
> How can both Comment #1 and Comment #2 hold true? What am I missing?
Encrypting with a private key makes sure the message originates from you
since it (or a corresponding hash) can only be encrypted with "your"
(published) public key, this is a signature. The message can be read by
Encrypting with a public key makes sure the message can only be read by the
owner of the corresponding private key. This makes it a secret message.
If you want to make sure only the intended receiver of a message can read
the message and the receiver can ensure that you are the origin of the
message, you would encrypt the message with the receivers public key (can be
decrypted by the intended receiver with his private key only) and you would
encrypt the messages hash value with your private key, making sure the
receiver can encrypt it with your public key and compare it with the newly
calculated hash, so he knows it was sent by you and has not been altered.