RSA keys, encryption and PGP-like cryptosystems
 From: "cwill" <crypto@xxxxxxx>
 Date: Fri, 19 Jan 2007 15:18:53 0500
Can someone please help me understand (or confirm that I do understand) the
relationship between RSA keys and encryption keys in PGP-like cryptosystems?

By PGP-like crypto systems, I mean crypto systems that generate a random
encryption key, encrypt the plaintext with it, encrypt the random key with
the user's RSA key and append that result to the file. First, do I have that
right? Is that what PGP does? (Assuming I'm not using conventional
encryption.)

I understand that there are lots of components to a cryptosystem, and any
one of those parts can compromise security. In this case I want to confine
my thoughts to issues with the random number generator.

If I use PGP to encrypt files and I don't want to use conventional
encryption, I first have to generate an RSA key for myself. I keep the
private part private and anyone can use the public part to encrypt messages
to me. Generating the private key is the first use of the random number
generator in this case, and a problem with the random number generator can
compromise the cryptosystem (e.g. if output of the random number generator
could be predicted, an attack might recreate the computer environment that
existed when I generated the keypair and reproduce the private key). Without
commenting on the probability of such an attack, is this a possibility to
be concerned with?

If that really is a problem (i.e. a particular PGP or other product version
is vulnerable to that type of attack) one possible solution is to generate
RSA keys separately, perhaps on another device with a "known good" random
number generator.

But even with our fixed RSA key, we still have a problem with the
cryptosystem because of the random number generator. At least I think. That
problem being, the random number generator is still used to create the
actual encryption key, so if an attacker can bypass the RSA key encryption
by recreating the actual encryption key, the cryptosystem is still
compromised. Right?

Let me try to sum this all up by walking through the encryption scenario.

I have plaintext file myfile.doc. I want to encrypt it. The encryption
scheme is 1) generate a 256-bit random number to use and encrypt with the
AES. 2) Use the RSA public key to encrypt the random number and append to
the message, or associate it with the ciphertext some other way.

If an attacker can access my RSA key either by stealing it, reading it from
cache, or recreating it, the attacker can decrypt the random encryption key
and decode the message.

If the attacker can access the random encryption key (reading it from
someplace on the computer or recreating it) they can decrypt the message
without worrying about RSA keys.

Is all of this mostly correct? Please tell me that I am at least thinking
about the right issues as I begin to learn about the security of
cryptosystems.

Thanks in advance for thoughtful response and even for flames if they are
really deserved.
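
Added example, not part of the original post: a small Python model of the scenario the post walks through, showing why the per-file key must come from a cryptographic RNG no matter how strong the RSA key is. Assumptions: a SHA-256 counter keystream stands in for AES, the seed is a constructed timestamp, the RSA wrapping step is omitted because the search never needs it, and all function names are hypothetical.

```python
import hashlib
import os
import random

DOC_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 header that starts a .doc file

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def weak_session_key(seed: int) -> bytes:
    """256-bit key from a non-cryptographic PRNG seeded with a guessable value."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")

def strong_session_key() -> bytes:
    """256-bit key from the operating system CSPRNG."""
    return os.urandom(32)

def recover_by_seed_search(ciphertext: bytes, seeds):
    """Re-derive candidate keys from guessed seeds and test each against the
    known file header. The RSA-wrapped copy of the key is never consulted."""
    for seed in seeds:
        key = weak_session_key(seed)
        if keystream_xor(key, ciphertext[:len(DOC_MAGIC)]) == DOC_MAGIC:
            return seed, key
    return None

def demo() -> dict:
    plaintext = DOC_MAGIC + b"constructed sample body of myfile.doc"
    created = 1169237933                            # constructed timestamp seed
    window = range(created - 3600, created + 3600)  # "some time in that hour"
    weak_ct = keystream_xor(weak_session_key(created), plaintext)
    strong_ct = keystream_xor(strong_session_key(), plaintext)
    hit = recover_by_seed_search(weak_ct, window)
    return {
        "weak_seed_found": hit[0] if hit else None,
        "weak_plaintext": keystream_xor(hit[1], weak_ct) if hit else None,
        "strong_seed_found": recover_by_seed_search(strong_ct, window),
        "expected": plaintext,
    }

if __name__ == "__main__":
    r = demo()
    print("time-seeded key recovered from seed:", r["weak_seed_found"])
    print("os.urandom key recovered:", r["strong_seed_found"])
```

The time-seeded key has only as much secrecy as its seed (7200 candidates here), while the same search finds nothing for the key drawn from os.urandom.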
