Re: Basic question: Public-key encryption



On 04.06.2008, Tomás Ó hÉilidhe <toe@xxxxxxxxxxx> wrote:

> What is this whole "digital signature" thing? I've heard of it but I
> don't know anything about it.

It's something very similar to public-key encryption, except that it
sort of works in reverse: where public-key encryption ensures that
anyone can send a message but only you can read it, a digital
signature allows anyone to read the message but confirms that it was
sent by you.

> What's so wrong with encrypting a message with my private key and also
> the recipient's public key in order to ensure both encryption and
> authentication?

Nothing, except that the algorithm used for encryption is designed to
ensure secrecy, but not necessarily authenticity. A signature is the
other way around: it guarantees authenticity, but provides no secrecy
on its own.

Actually, the underlying operations are _very_ similar in some ways,
and what a digital signature does probably _is_ pretty much what you
think of as "encrypting with the private key". You really only need
to consider the difference if you're planning to write your own
encryption software.

[re: public key databases]
> What's to stop someone poisoning the database? I mean what's to stop
> me submitting a new key for your e-mail address?

_If_ you can read my e-mail, and _if_ I have no other way to prove my
identity except being able to read my e-mail, then not much.

There is one way, though: it's called "key signing", and allows
someone who knows me personally, or has some other way to confirm my
identity, to vouch that they believe the key really belongs to me.
The reason it's called "signing" is that the way it essentially works
is by them writing a (special, machine-readable) message saying "I am
John Doe, I know Joe Blow and swear that FOOBAR is really their public
key" and digitally signing it with their own private key.

Another solution, of course, is to build your identity upon the key in
the first place: if you identify yourself online as "the guy with the
public key A7F1052C...", it's pretty hard for anyone to pretend to be
you without knowing your private key.

See also:
http://en.wikipedia.org/wiki/Key_authentication
http://en.wikipedia.org/wiki/Public_key_infrastructure
http://en.wikipedia.org/wiki/Web_of_trust

--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.
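
The key-signing check described in the post above, as an added example that is not part of the original message. It uses textbook RSA (no padding, toy keys built from Mersenne primes) in plain Python; the function names and the third key owner "Mallory" are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(message, n):
    # SHA-256 reduced mod n; real schemes use a padding such as RSA-PSS
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)  # the private-key operation

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def fingerprint(public):
    return hashlib.sha256(repr(public).encode()).hexdigest()[:16]

def statement(signer, subject, subject_public):
    # The machine-readable "I vouch for this key" message
    return f"I am {signer}; {fingerprint(subject_public)} is the key of {subject}".encode()

def certify(signer, signer_private, subject, subject_public):
    return sign(statement(signer, subject, subject_public), signer_private)

def vouched(signer, signer_public, subject, candidate_public, cert):
    """True only if cert is signer's signature over exactly this key binding."""
    return verify(statement(signer, subject, candidate_public), cert, signer_public)

# Constructed keys (Mersenne primes: far too small and structured for real use)
john_pub, john_priv = keypair(2**127 - 1, 2**89 - 1)
joe_pub, _ = keypair(2**107 - 1, 2**61 - 1)
mallory_pub, mallory_priv = keypair(2**521 - 1, 2**607 - 1)

cert = certify("John Doe", john_priv, "Joe Blow", joe_pub)
forged = certify("John Doe", mallory_priv, "Joe Blow", mallory_pub)

if __name__ == "__main__":
    print(vouched("John Doe", john_pub, "Joe Blow", joe_pub, cert))        # genuine key
    print(vouched("John Doe", john_pub, "Joe Blow", mallory_pub, cert))    # poisoned entry
    print(vouched("John Doe", john_pub, "Joe Blow", mallory_pub, forged))  # forged vouching
```

The check only helps if the verifier already holds John Doe's public key from a source they trust; the certification moves the trust question to that key, it does not remove it.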