RSA keys, encryption and PGP-like cryptosystems



Can someone please help me understand (or confirm that I do understand) the
relationship between RSA keys and encryption keys in PGP-like cryptosystems?

By PGP-like crypto systems, I mean crypto systems that generate a random
encryption key, encrypt the plaintext with it, encrypt the random key with
the users RSA key and append that result to the file. First, do I have that
right? Is that what PGP does? (Assuming I'm not using conventional
encryption.)

I understand that there are lots of components to a cryptosystem, and any
one of those parts can compromise security. In this case I want to confine
my thoughts to issues with the random number generator.

If I use PGP to encrypt files and I don't want to use conventional
encryption, I first have to generate an RSA key for myself. I keep the
private part private and anyone can use the public part to encrypt messages
to me. Generating the private key is the first use of the random number
generator in this case, and a problem with the random number generator can
compromise the cryptosystem (e.g. if output of the random nunmber generator
could be predicted, an attack might recreate the computer environment that
existed when I generated the keypair and reproduce the private key). Without
commenting on the probablility of such an attack, is this a possibility to
be concerned with?

If that really is a problem (i.e. a particular PGP or other product version
is vulnerable to that type of attack) one possible solution is to generate
RSA keys separately, perhaps on another device with a "known good" random
number generator.

But even with our fixed RSA key, we still have a problem with the
cryptosystem because of the random number generator. At least I think. That
problem being, the random number generator is still used to create the
actual encryption key, so if an attacked can bypass the RSA key encryption
by recreating the actual encryption key, the cryptosystem is still
compromised. Right?

Let me try to sum this all up by walking through the encryption scenario.

I have plaintext file myfile.doc. I want to encrypt it. The encryption
scheme is 1) generate a 256 bit random number to use and encrypt with the
AES. 2) Use the RSA public key to encrypt the random number and append to
the message, or associate it with the ciphertext some other way.

If an attacked can access my RSA key either by stealing it, reading it from
cache, or recreating it, the attacker can decrypt the random encryption key
and decode the message.

If the attacked can access the random encryption key (reading ti from
someplace on the computer or recreating it) they can decrypt the message
with worrying about RSA keys.

Is all of this mostly correct. Please tell me that I am at least thinking
about the right issues as I begin to learn about the security of
cryptosystems.

Thanks in advance for thoughtful response and even for flames if they are
really deserved.



.



Relevant Pages

  • Re: Question: storing a secret shared key with minimal storage
    ... > I'd like to make an automatic setup of harddisks, ... > storage media with minimal storage space - eg. a smartcard with only a ... it creates quite a penalty for a bad RSA key guess, ... You also need to be aware that disk encryption is not as easy as it at first ...
    (sci.crypt)
  • Protecting Rijndael/AES encrypted data
    ... It is easy to use 256 bit Rijndael symmetric encryption with .NET. ... For persistent data that is encrypted, the strength of the protection ... How big an RSA key is required to match a fully random 256 bit symmetric key? ...
    (microsoft.public.platformsdk.security)
  • Protecting Rijndael/AES encrypted data
    ... It is easy to use 256 bit Rijndael symmetric encryption with .NET. ... For persistent data that is encrypted, the strength of the protection ... How big an RSA key is required to match a fully random 256 bit symmetric key? ...
    (microsoft.public.dotnet.security)
  • Re: RSACryptoServiceProvider minimum key-length
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... symetric encryption will be done with 3DES; ... RSA key needs to be 256 bit, then the spec itself doesn't understand how ...
    (microsoft.public.dotnet.security)
  • Re: RSA keys, encryption and PGP-like cryptosystems
    ... relationship between RSA keys and encryption keys in PGP-like cryptosystems? ... That's the way a lot of cryptosystems work. ... I first have to generate an RSA key for myself. ... commenting on the probablility of such an attack, ...
    (sci.crypt)