Re: couple more Q's on basic public key encryption techniques

From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 05/11/05 

Date: 11 May 2005 15:29:38 GMT

"xz" <jasonshohet@gmail.com> writes:

>Carlos you are answering it... I think I'm starting to get a rough
>understanding of the issue. You said:
> " encrypting the whole several megabytes [message] with a public-key
>algorithm would be insanely slow. So, both parties agree on a
>symmetric algorithm, and exchange the key they're going to use -- to
>exchange that key in absolute secrecy, they use public-key (required
>only to encrypt a few bytes) ".

>So this is answering why people bother with the symmetric encryption of
>the message, VS just encrypting the message with the receiver's public
>key. Can you tell me if this pseudo-description looks right, and if
>so, I have a question beneath it:

>msg digest + msg enc. w/ symmetric key + symmetric key enc. w/
>receiver's public key
>[123a)(*$:@] + [456)@#j*lS:df2@l20f@3f] + [789sf)@f2]

>Regarding the above, [123...] is the digest of the message. Thats
>encrypted with my private key. I'm kind of confused about this digest
>thing. I read somewhere that [123...] is supposed to match [456...]
> and if its a match, its 'basically' a digital signature -- and means
>the message can't be repudiated. That may not be 100% true, but the
>point is -- doesn't that take time to apply my private asymmetric key
>to the entire message just to come up with a digest? Aren't we
>supposed to avoid using private keys if possible. Why not just use the
>symmetric key to encrypt the message & encrypt the symmetric key with
>the receiver's public key & be done with it -- no message digest :)

Because you want to accomplish a variety of things.
a) you want to make sure that the decrypted message is the same as the
message sent out.
b) you want make sure that the message came from the person it claims to
have come from.

The first you accomplish by use of a cryptographic hash of the message
included in the message.
The second you accomplish by signing the message-- not by encryption the
entire message, but encrypting some small "message" with your private key
(eg encrypt the hash with your private key) Youcertainly do NOT encrypt the
entire message with your private key.

Relevant Pages

  • Re: RSACryptoServiceProvider decrypt with public key
    ... key/decrypt with the private key and encrypt with the private key/decrypt ... encrypt data and send it back to Alice. ... only she can decrypt Bob's data. ... see the public key and the encrypted data, but she could not decrypt Bob's ...
    (microsoft.public.dotnet.security)
  • Re: Copy protection for a .NET application
    ... is stored in a flash memory of the smartcard, ... Hawill you reveal a private key, that's known by just one party. ... > 2) Encrypt the secret and IV with the public key. ... > 4) HL decrypts the stringusing private RSA key stored in the lock. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Copy protection for a .NET application
    ... is stored in a flash memory of the smartcard, ... Hawill you reveal a private key, that's known by just one party. ... > 2) Encrypt the secret and IV with the public key. ... > 4) HL decrypts the stringusing private RSA key stored in the lock. ...
    (microsoft.public.dotnet.framework)
  • Re: Copy protection for a .NET application
    ... is stored in a flash memory of the smartcard, ... Hawill you reveal a private key, that's known by just one party. ... > 2) Encrypt the secret and IV with the public key. ... > 4) HL decrypts the stringusing private RSA key stored in the lock. ...
    (microsoft.public.dotnet.general)
  • Re: Encrypted files do they work for backups?
    ... Small Business IT Support ... >>If I use the administrator account, and I encrypt it EFS on a External ... >>> format you need the private key to decrypt the files ... do you have the recovery agent Encrypting File ...
    (microsoft.public.windows.server.sbs)
Quantcast