
# Requesting Explanation of Public-Key Cryptography

Member Posts: 43 ■■□□□□□□□□
Hello, I'm trying to understand PK crypto and I'm just not understanding something correctly or something is just not clicking in my head. What I have thus far is that the public key is out there, in the ether, per se, and then I want to encrypt a message. For this example, let's say that there are three people involved: Matt, Mindy, and Mike. Matt and Mindy want to confidentially talk, and Mike wants to snoop. So, Matt encrypts a message with the public key (? is this right) and sends it to Mindy. She decrypts it with her private key (? is this right). So what's stopping Mike from just decrypting it with a made-up private key of his own?

This is really frustrating me. I think that it's staring me right in the face, but I've been thinking about this all day and I'm all flustered because I don't see the security in this. Do the keys need to be exchanged (Diffie-Hellman?) in this case? Can you sniff for other users' keys? So maybe a simple explanation of PK encryption might be helpful. You'd be doing me a huge service in helping me--I'm the kind of person who just beats his head in when I can't understand something.

Thanks in advance.

Sincerely,
msbachman

Member Posts: 2,687 ■■■■■■■■■□
Think of it this way: If Tom wants to send Susan a message and make sure it stays private, he will encrypt the message with HER public key. Susan will then use HER private key (which only she possesses) to decrypt the message. Susan can give her public key to anybody who needs to send her a message.
If nosy Frank intercepts the message from Tom to Susan, he can't decrypt it; it will be gibberish to him.

Public key = available to anybody
Private key = kept secret.

They are like a matched set. One locks, the other unlocks.

Hope that helps. What books are you reading?
Banned Posts: 12,312 ■■■■■■■■■□
Yea, Mike can't just make up a private key. The public and private are mathematically related.

Wikipedia does a decent job of explaining this:
Public-key cryptography - Wikipedia, the free encyclopedia
Public key infrastructure - Wikipedia, the free encyclopedia
Member Posts: 43 ■■□□□□□□□□
Psoasman wrote: »

Hope that helps. What books are you reading?

It did help quite a bit. So, each person involved in a PK crypt. exchange has their own public key? So, like, for people sending me a message, I would have a public key, and they'd use that to encrypt it?

In regards to the first follow up question in the paragraph I just wrote, if this is the case, then everything is clear now. THANKS!

Oh, and I'm working with TestOut Navigator 5.0 Security+. It's alright, but I am up for suggestions if you would be willing to provide any.

Thanks again for the help.

Sincerely,
msbachman
Member Posts: 43 ■■□□□□□□□□
dynamik wrote: »

I'll re-read this again. Thanks. I think I might be able to make some more sense of this now.

-msbachman
Banned Posts: 12,312 ■■■■■■■■■□
Correct, each party has their own public/private key pair. If you want people to encrypt something that only you can see, you give them your public key. If you're encrypting something for someone else, you use their public key.

Have you got to signing yet? If you sign something, you use your private key. Nothing is kept confidential since anyone can decrypt it with your public key. However, it verifies the authenticity of whatever was signed (email, software, etc.) because only the person with the private key could do that.
Member Posts: 2,687 ■■■■■■■■■□
The Sybex book does a decent job of explaining how PKI works. Read as many sources as you can and something should stick.
Mod Posts: 5,161 Mod
Psoasman wrote: »
Think of it this way: If Tom wants to send Susan a message and make sure it stays private, he will encrypt the message with HER public key. Susan will then use HER private key (which only she possesses) to decrypt the message. Susan can give her public key to anybody who needs to send her a message.
If nosy Frank intercepts the message from Tom to Susan, he can't decrypt it; it will be gibberish to him.

Public key = available to anybody
Private key = kept secret.

They are like a matched set. One locks, the other unlocks.

Hope that helps. What books are you reading?

Exactly, and if Tom wants to prove to Susan that it's really him sending the message, he can digitally sign the message with his private key and Susan can verify that it's him with his public key. (That's the whole "key-exchange" part, they each give a public key to the other.)

Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials

Let it never be said that I didn't do the very least I could do.
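
The exchange discussed in this thread, as an added example that is not part of any post: Matt encrypts to Mindy's public key and signs with his own private key, and Mike tries a made-up private key of his own. The thread names no algorithm, so this assumes textbook RSA; the function names and the toy keys built from Mersenne primes are constructed for illustration.

```python
# Added example: textbook RSA on toy keys. No padding, well-known primes;
# real systems use a vetted library, 2048-bit+ keys and OAEP/PSS.
import hashlib
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # d is the inverse of e mod phi

def encrypt(public, text):
    m = int.from_bytes(text.encode(), "big")
    if m >= public[1]:
        raise ValueError("message too long for this toy modulus")
    return pow(m, *public)

def decrypt(private, ciphertext):
    m = pow(ciphertext, *private)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(private, text):
    return pow(_digest(text, private[1]), *private)

def verify(public, text, signature):
    return pow(signature, *public) == _digest(text, public[1])

# Constructed keys from Mersenne primes (fine for a demo, useless for secrecy).
MINDY_PUB, MINDY_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MATT_PUB, MATT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
_, MIKE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)   # Mike's made-up key

def demo(message="meet at noon"):
    ciphertext = encrypt(MINDY_PUB, message)      # Matt uses Mindy's PUBLIC key
    signature = sign(MATT_PRIV, message)          # Matt uses his own PRIVATE key
    return {
        "mindy_reads": decrypt(MINDY_PRIV, ciphertext),
        "mike_reads": decrypt(MIKE_PRIV, ciphertext),
        "signature_ok": verify(MATT_PUB, message, signature),
        "tampered_ok": verify(MATT_PUB, message + "!", signature),
        "mike_forgery_ok": verify(MATT_PUB, message, sign(MIKE_PRIV, message)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Only the private key that was generated together with Mindy's public key undoes the encryption; Mike's key belongs to a different pair, so his output is unrelated bytes, and a signature made with his key fails against Matt's public key.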