Re: Separating public and private keys
From: Alun Jones [MSFT] (alunj_at_online.microsoft.com)
Date: 04/14/05
- Next message: Alun Jones [MSFT]: "Re: :: validate a messages"
- Previous message: Werther: "Help with GinaStub"
- In reply to: Bob: "Re: Separating public and private keys"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 14 Apr 2005 09:25:35 -0700
Asymmetric encryption is usually only used for the first part of an
exchange - identifying yourself to the other party, and mutually agreeing on
a secure key for symmetric encryption for the session.
That way, the "really really secret key" is only required to be in memory
for a short time, for a brief amount of data, and can be relied on to be
safe even if the session key is extracted from memory. It also means you're
not using a very slow encryption technique for the bulk of your data.
Technically, you could encrypt everything you send with the recipient's
public key, but it's slow, and you have to split messages into short chunks.
Encryption techniques are most reliable when you use them as they were
designed to be used, because that's where the focus is on protecting against
attack. Of course, a really good developer of encryption systems will try
to protect them as much as possible from flaws in unintended uses, but a
really good developer of a protocol that relies on those encryption systems
will use them as they are intended to be used.
Alun.
~~~~
--
Software Design Engineer, Internet Information Server (FTP)
This posting is provided "AS IS" with no warranties, and confers no rights.

"Bob" <Bob@discussions.microsoft.com> wrote in message
news:164701c540c2$8febde40$a501280a@phx.gbl...
> Oh right.
>
> So really, when using asymmetrical encryption, it should
> be used in the public/private sense where one party has
> all the information and the other party has only part of
> it. Trying to use asymmetrical encryption in a way that
> relies on one key known only by one party and the other
> key known only by the other party is not possible.
>
> Thanks,
> Bob.
>
>
>>-----Original Message-----
>>Also, if you have the private key, you implicitly (if not explicitly) essentially
>>have the public key, since the "public key" is essentially the modulus which is just
>>the product of the two private primes (P, Q). (and of course the public exponent,
>>which for RSA keys is almost always 65,537.)
>>
>>It is also worth pointing out that there are several different encoded formats
>>for the "public key", e.g. SubjectPublicKeyInfo, RSAPublicKey, .NET "publickey", PUBLICKEYBLOB
>>
>>See this article for details on these formats:
>> http://www.jensign.com/JavaScience/dotnet/JKeyNet
>>
>>- Mitch Gallant
>> MVP Security
>> JavaScience Consulting
>>
>>"lelteto" <lelteto@discussions.microsoft.com> wrote in message
>>news:2412BAA8-DFDE-4594-A279-7427A29F4829@microsoft.com...
>>> 1. In CAPI containers the public key exists together with the private key
>>> simply to be available (if needed).
>>> 2. You can export the public key w/o the private key - simply use
>>> PUBLICKEYBLOB type.
>>> 3. In certificates only the public key is present - never the private key.
>>> 4. When you export the certificate you can decide if you want to export the
>>> private key, too. If yes, your format will be PKCS#12 (pfx); if not your
>>> export format is either PKCS#7 or the certificate itself.
>>>
>>> Laszlo Elteto
>>> SafeNet, Inc.
>>>
>>> "Bob" wrote:
>>>
>>> > Hi,
>>> >
>>> > Is there any way to isolate the private key from the
>>> > public key?
>>> >
>>> > As I understand, the public key can be exported without
>>> > the private key. The public key is also stored inside
>>> > certificates. However, the private key seems to always
>>> > exist together with the public key (inside a key
>>> > container, inside a pfx file or when exported as a BLOB). Is
>>> > this the case?
>>> >
>>> > Thanks,
>>> > Bob.
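The two technical points made in this thread, as an added example that is not part of the original posts: Mitch's observation that whoever holds the RSA private key (p, q, d) can always reconstruct the public key (n = p*q, e = 65537), and Alun's description of hybrid encryption, where the asymmetric algorithm is used once to transport a session key and a fast symmetric cipher handles the bulk data, with raw RSA refusing anything not smaller than the modulus (the reason bulk data would otherwise have to be chunked). The code is self-contained Python using only the standard library. Assumptions: textbook RSA without OAEP padding and an HMAC-SHA256 counter-mode keystream are used as constructed stand-ins for real RSA-OAEP and AES; the key size, sample message and all function names are the example's own.

```python
"""Added example (not from the thread): textbook RSA plus a toy symmetric keystream.

1. public_from_private() shows the public key is implied by the private key.
2. hybrid_encrypt()/hybrid_decrypt() show RSA transporting a session key once,
   with the bulk data encrypted symmetrically; rsa_encrypt() rejects any
   message that is not smaller than the modulus n.

Textbook RSA (no padding) and the HMAC-SHA256 keystream are illustrative
stand-ins, not production primitives.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

PUBLIC_EXPONENT = 65537  # the exponent the thread notes is almost universal for RSA


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square root of 1 found: composite
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with the top bit set, and with e not dividing p-1."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate) and (candidate - 1) % PUBLIC_EXPONENT != 0:
            return candidate


@dataclass(frozen=True)
class PrivateKey:
    p: int
    q: int
    d: int


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


def generate_keypair(bits: int = 512) -> tuple[PrivateKey, PublicKey]:
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    phi = (p - 1) * (q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse (Python 3.8+)
    return PrivateKey(p, q, d), PublicKey(p * q, PUBLIC_EXPONENT)


def public_from_private(priv: PrivateKey) -> PublicKey:
    """Point 1: n is just p*q and e is fixed, so the private key implies the public key."""
    return PublicKey(priv.p * priv.q, PUBLIC_EXPONENT)


def rsa_encrypt(pub: PublicKey, m: int) -> int:
    if not 0 <= m < pub.n:
        raise ValueError("raw RSA can only encrypt an integer smaller than the modulus")
    return pow(m, pub.e, pub.n)


def rsa_decrypt(priv: PrivateKey, c: int) -> int:
    return pow(c, priv.d, public_from_private(priv).n)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for a symmetric cipher: HMAC-SHA256 counter-mode keystream XORed
    with the data. XOR is its own inverse, so the same call decrypts. Safe here only because
    every message gets a fresh session key, so the counter never repeats under one key."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def hybrid_encrypt(pub: PublicKey, plaintext: bytes) -> tuple[int, bytes]:
    """Point 2: RSA is used exactly once, on a 32-byte session key; the bulk data
    goes through the symmetric keystream, however long it is."""
    session_key = secrets.token_bytes(32)  # 256 bits, always smaller than a 512-bit n
    wrapped_key = rsa_encrypt(pub, int.from_bytes(session_key, "big"))
    return wrapped_key, keystream_xor(session_key, plaintext)


def hybrid_decrypt(priv: PrivateKey, wrapped_key: int, ciphertext: bytes) -> bytes:
    session_key = rsa_decrypt(priv, wrapped_key).to_bytes(32, "big")
    return keystream_xor(session_key, ciphertext)


def demo() -> bool:
    """Round-trips a constructed message and checks raw RSA rejects oversized input."""
    priv, pub = generate_keypair(512)
    message = b"constructed sample: bulk data far larger than a 512-bit RSA modulus. " * 20
    wrapped_key, ct = hybrid_encrypt(pub, message)
    round_trip_ok = hybrid_decrypt(priv, wrapped_key, ct) == message
    try:
        rsa_encrypt(pub, int.from_bytes(message, "big"))
        oversize_rejected = False
    except ValueError:
        oversize_rejected = True
    return public_from_private(priv) == pub and round_trip_ok and oversize_rejected


if __name__ == "__main__":
    print("public key recovered, hybrid round-trip and size check:", demo())
```

Running the block prints True: the public key was rebuilt from the private half, the 1,400-byte message survived the hybrid round trip, and the attempt to push the whole message through raw RSA was refused because it is larger than n.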