Fwd: public/private keys.... what are they?

Stephen Partington cryptworks at gmail.com
Mon Feb 16 20:18:02 MST 2015 

Stolen but relevant.

The Public and Private key pair comprise of two uniquely related
cryptographic keys (basically long random numbers). Below is an example of
a Public Key:

3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31
C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744 2654 C0DD 2881 D673
CA2B 4003 C266 E2CD CB02 0301 0001

The Public Key is what its name suggests - Public. It is made available to
everyone via a publicly accessible repository or directory. On the other
hand, the Private Key must remain confidential to its respective owner.

Because the key pair is mathematically related, whatever is encrypted with
a Public Key may only be decrypted by its corresponding Private Key and
vice versa.

For example, if Bob wants to send sensitive data to Alice, and wants to be
sure that only Alice may be able to read it, he will encrypt the data with
Alice's Public Key. Only Alice has access to her corresponding Private Key
and as a result is the only person with the capability of decrypting the
encrypted data back into its original form.

As only Alice has access to her Private Key, it is possible that only Alice
can decrypt the encrypted data. Even if someone else gains access to the
encrypted data, it will remain confidential as they should not have access
to Alice's Private Key.

From
https://www.comodo.com/resources/small-business/digital-certificates2.php
On Feb 16, 2015 7:57 PM, "Michael Havens" <bmike1 at gmail.com> wrote:

> no.... no..... Joseph says it is like two locks.When you unlock one you
> lock the other? hmmmm....
>
> :-)~MIKE~(-:
>
> On Mon, Feb 16, 2015 at 7:49 PM, Michael Havens <bmike1 at gmail.com> wrote:
>
>> and then the public key everyone can see and the private one only you can
>> see?
>>
>> :-)~MIKE~(-:
>>
>> On Mon, Feb 16, 2015 at 7:45 PM, Michael Havens <bmike1 at gmail.com> wrote:
>>
>>> is a real simplified version that it is like two locks locked together
>>> and each key opens one of the locks?
>>>
>>> :-)~MIKE~(-:
>>>
>>> On Mon, Feb 9, 2015 at 7:05 PM, Joseph Sinclair <
>>> plug-discussion at stcaz.net> wrote:
>>>
>>>> Lots of confusion here.  Let me try to clarify (a small amount).
>>>>
>>>> Background:
>>>> "Public Key" cryptography is also called "Asymmetric Cryptography".
>>>> The reason is that there are two different keys, and they only work
>>>> together in an "asymmetric" fashion (whatever one key does, the other key
>>>> undoes).
>>>> The keys are "related" mathematically, but it is (currently) not
>>>> possible to figure out one key from the other (so having a public key does
>>>> not help you determine the private key).
>>>>
>>>> 1) There are two keys.
>>>>   a) There are also two *actions*, encryption (hiding content from
>>>> unauthorized viewers) and verification (proving a message is authentic and
>>>> from a known entity).
>>>> 2) *Either* key can be used to encrypt, but the *other* key is needed
>>>> to decrypt.
>>>>   a) that means public(encrypt) ==> private(decrypt) *or*
>>>> private(encrypt) ==> public(decrypt).
>>>>   b) a single key cannot both encrypt and decrypt the same message
>>>> (That's why it's called "asymmetric encryption", the keys are *not*
>>>> interchangeable).
>>>> 3) The "Public" key  is meant to be published far and wide.  It is used
>>>> to encrypt a message intended for the key "owner", and it is also used (by
>>>> decrypting a hash) to "verify" that a message was sent by the real owner
>>>> (signature).
>>>> 4) The "Private" key is meant to be kept strictly secret.  It can
>>>> decrypt any message encrypted by the public key.  It can also encrypt a
>>>> message that only the "Public" key can decrypt (see signature below).
>>>>
>>>> Encryption is the function most people understand (it's also very
>>>> rarely used**).  You encrypt a message using the "Public" key as the
>>>> encryption key.
>>>> Once encrypted the data is essentially static to anyone who does not
>>>> possess the "Private" key.
>>>> There are a ton of details involved, so it's rarely explained further
>>>> than that without reading an entire textbook (or 3).
>>>>
>>>> There is a *related* function called "verification" or "Digital
>>>> Signature".  This is used to prove (without ever exposing a secret) that a
>>>> particular entity possesses the secret "Private" key.
>>>> This is how you know your HTTPS connection is connected to the correct
>>>> endpoint rather than some imposter (it's also how ssh passwordless login
>>>> works).
>>>> This involves (very simplified) using the "Private" key to encrypt the
>>>> hash of a message (to sign the message) or a "nonce" value (to verify
>>>> endpoint identity, e.g. SSL).
>>>> Once the value (hash or nonce) is encrypted by the "Private" key, only
>>>> the matching "Public" key will decrypt it.
>>>> So if someone sent you a message and it's encrypted hash, then you
>>>> decrypt the hash with the "Public" key, and if it decrypts correctly you
>>>> know it is valid.
>>>> Of course, you would also hash the message (there are standard
>>>> algorithms for generating these "hash" values) and see if your results
>>>> match what you decrypted (if they don't, then the message isn't what the
>>>> sender meant to send).
>>>>
>>>> There are several ways of implementing assymetric cryptography, the
>>>> most commonly used is with the RSA family of algorithms.
>>>> The "elliptic curve" (or "EC") family of algorithms have grown in
>>>> popularity in recent years, but are still only occasionally used.
>>>> The two are mostly different in the mathematics behind how and why they
>>>> work.
>>>> The basic concepts (two keys, two operations, what one key does the
>>>> other undoes) are the same.
>>>>
>>>> Hopefully that helps a bit.
>>>>
>>>> Public Key Cryptography (and Asymmetric Cryptography in general) is a
>>>> huge and complex topic, so I second Todd's suggestion that if you want to
>>>> really understand this, you will want to read a few good textbooks on the
>>>> subject.
>>>>
>>>> ==Joseph++
>>>>
>>>> ** Some will say that SSL uses public key encryption.  This is true,
>>>> but misleading, because the public key encryption is only used during the
>>>> "handshake" where the SSL connection is setup to encrypt the exchange of
>>>> symmetric keys.  This "key exchange" is what Diffie and Helman invented
>>>> that makes modern PKI possible.
>>>> The encryption that does all the heavy lifting of keeping the SSL
>>>> tunnel secure is always a "block" (symmetric) algorithm, most commonly AES
>>>> (for modern systems where security is properly implemented) or 3DES
>>>> (slightly older but still pretty secure) or RC4 (completely insecure and
>>>> used by extremely badly managed sites running ancient and horribly flawed
>>>> web server software, unfortunately there are still far too many very large
>>>> businesses that do this).
>>>>
>>>>
>>>> On 02/09/2015 06:01 PM, Michael Havens wrote:
>>>> > helps some but you state:
>>>> >
>>>> > you want others to be able to check that you actually
>>>> > sent the message (by using your public key)
>>>> >
>>>> > Where do they get your public key?
>>>> > How does your public key and private key decrypt when it seems the
>>>> public
>>>> > key changes.
>>>> >
>>>> > :-)~MIKE~(-:
>>>> >
>>>> > On Mon, Feb 9, 2015 at 5:48 PM, someone wrote:
>>>> >
>>>> >> So if I'm right calling it a 'key' is a misnomer. I am a very literal
>>>> >> person. if they call it a key it unlocks things, not creates them.
>>>> >> That is where my confusion is from. Am I correct?
>>>> >>
>>>> >> Not quite correct...
>>>> >>
>>>> >> Both the public and private keys ARE keys... they're just used a
>>>> >> little differently.
>>>> >>
>>>> >> You keep your private key secure, and use it to digitally sign a
>>>> >> message when you want others to be able to check that you actually
>>>> >> sent the message (by using your public key). Others can send an
>>>> >> encrypted message that only you can decode, by encrypting the message
>>>> >> using your public key. When you get the message, you can use your
>>>> >> private key to undo the encryption that was done using your public
>>>> >> key.
>>>> >>
>>>> >> So, in a way, the public and private keys can be thought of as two
>>>> >> pieces of a single, combined key. The software that does the signing
>>>> >> or encryption (using the keys), such as gnupg, pgp, etc., is more
>>>> like
>>>> >> the lock that the keys fit.
>>>> >>
>>>> >> I hope that helps.
>>>> >> --
>>>> >> Kevin O'Connor
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> > ---------------------------------------------------
>>>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> > To subscribe, unsubscribe, or to change your mail settings:
>>>> > http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>> >
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20150216/1371d57b/attachment.html>

More information about the PLUG-discuss mailing list