Public key and other misc...

reloaded Member Posts: 235
Hey all. I'm starting my Security+ studies and I have a few questions about the basics of public key encryption and certificates...

1) What makes a key "public" and how do computers decide what key to use? Where do the public keys come from to begin with? And if a key is "public" can't anyone just tap into a network and decrypt the "public" key?

2) I understand certificates are given via browser or email application software, but if you can just accept a certificate when you go to say a government website, how does that make anything secure to begin with?

Thanks for answering anyone. I have knowledge and experience with hardware bulk encryption devices, but after using just hardware and a specific keying material, I'm not really getting software encryption. Thanks again!
Reloaded~4~Ever

Comments

  • Webmaster Admin Posts: 10,292
    1. I think you should be able to find the answers to your first questions by reading this: www.techexams.net/technotes/securityplus/emailsecurity.shtml

    2. That certificate identifies the server to you. You can check the contents of the certificate to see if it is issued by a CA that you trust, and if the certificate contains a key you can trust the key is actually the key of the server you want to communicate with.
  • /usr Member Posts: 1,768
    Once you study PKI and CAs, this will all make sense to you.

    You asked for a lot of information there. Without writing an essay, it's difficult for us to explain it. Follow Webmaster's link and check out the Technotes, then ask questions on what you don't understand.
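
The check Webmaster describes in answer 2 (is the certificate issued by a CA you trust, and does it bind the key to the server you meant to reach), as an added example that is not part of the original thread. It uses toy textbook RSA over small Mersenne primes, with a made-up certificate layout and the constructed host name `www.example.gov`; none of it is secure or a real certificate format.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(data, n):
    # Hash the data and reduce it into the RSA modulus (toy scheme, no padding).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data, signature):
    # Anyone holding the public key can verify; only the private key can sign.
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

def _body(subject, public_key):
    # Hypothetical "to be signed" layout: subject name plus the subject's public key.
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_cert(ca_private, subject, subject_public):
    """The CA signs the binding between a name and a public key."""
    return {"subject": subject, "public_key": subject_public,
            "signature": sign(ca_private, _body(subject, subject_public))}

def check_cert(cert, expected_host, trusted_ca_public):
    """Accept only if the name matches and a trusted CA signed this exact key."""
    body = _body(cert["subject"], cert["public_key"])
    return (cert["subject"] == expected_host
            and verify(trusted_ca_public, body, cert["signature"]))

# Constructed sample keys (Mersenne primes, far too small for real use).
TRUSTED_CA_PUB, TRUSTED_CA_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
OTHER_CA_PUB, OTHER_CA_PRIV = make_keypair(2**19 - 1, 2**89 - 1)
SERVER_PUB, SERVER_PRIV = make_keypair(2**17 - 1, 2**107 - 1)

GOOD_CERT = issue_cert(TRUSTED_CA_PRIV, "www.example.gov", SERVER_PUB)
UNTRUSTED_CERT = issue_cert(OTHER_CA_PRIV, "www.example.gov", SERVER_PUB)

if __name__ == "__main__":
    print("trusted CA:  ", check_cert(GOOD_CERT, "www.example.gov", TRUSTED_CA_PUB))
    print("unknown CA:  ", check_cert(UNTRUSTED_CERT, "www.example.gov", TRUSTED_CA_PUB))
    print("wrong host:  ", check_cert(GOOD_CERT, "other.example.gov", TRUSTED_CA_PUB))
```

Clicking through a browser warning corresponds to ignoring a `False` result from `check_cert`: the connection may still be encrypted, but nothing ties the key to the site's name.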