# RSA keys, encryption and PGP-like cryptosystems

*From*: "cwill" <crypto@xxxxxxx>*Date*: Fri, 19 Jan 2007 15:18:53 -0500

Can someone please help me understand (or confirm that I do understand) the

relationship between RSA keys and encryption keys in PGP-like cryptosystems?

By PGP-like crypto systems, I mean crypto systems that generate a random

encryption key, encrypt the plaintext with it, encrypt the random key with

the users RSA key and append that result to the file. First, do I have that

right? Is that what PGP does? (Assuming I'm not using conventional

encryption.)

I understand that there are lots of components to a cryptosystem, and any

one of those parts can compromise security. In this case I want to confine

my thoughts to issues with the random number generator.

If I use PGP to encrypt files and I don't want to use conventional

encryption, I first have to generate an RSA key for myself. I keep the

private part private and anyone can use the public part to encrypt messages

to me. Generating the private key is the first use of the random number

generator in this case, and a problem with the random number generator can

compromise the cryptosystem (e.g. if output of the random nunmber generator

could be predicted, an attack might recreate the computer environment that

existed when I generated the keypair and reproduce the private key). Without

commenting on the probablility of such an attack, is this a possibility to

be concerned with?

If that really is a problem (i.e. a particular PGP or other product version

is vulnerable to that type of attack) one possible solution is to generate

RSA keys separately, perhaps on another device with a "known good" random

number generator.

But even with our fixed RSA key, we still have a problem with the

cryptosystem because of the random number generator. At least I think. That

problem being, the random number generator is still used to create the

actual encryption key, so if an attacked can bypass the RSA key encryption

by recreating the actual encryption key, the cryptosystem is still

compromised. Right?

Let me try to sum this all up by walking through the encryption scenario.

I have plaintext file myfile.doc. I want to encrypt it. The encryption

scheme is 1) generate a 256 bit random number to use and encrypt with the

AES. 2) Use the RSA public key to encrypt the random number and append to

the message, or associate it with the ciphertext some other way.

If an attacked can access my RSA key either by stealing it, reading it from

cache, or recreating it, the attacker can decrypt the random encryption key

and decode the message.

If the attacked can access the random encryption key (reading ti from

someplace on the computer or recreating it) they can decrypt the message

with worrying about RSA keys.

Is all of this mostly correct. Please tell me that I am at least thinking

about the right issues as I begin to learn about the security of

cryptosystems.

Thanks in advance for thoughtful response and even for flames if they are

really deserved.

.

**Follow-Ups**:**Re: RSA keys, encryption and PGP-like cryptosystems***From:*Matthew Fanto

- Prev by Date:
**Re: Converting scales of True Random Numbers causes distribution de-uniformization** - Next by Date:
**A theorem about Kak's "decimal sequences"** - Previous by thread:
**Linear recurrence on elliptic curve** - Next by thread:
**Re: RSA keys, encryption and PGP-like cryptosystems** - Index(es):