sym / asym key concept

Ok here is a scenario and after that there is a question on concept

""
Bob can encrypt data with his private key, and the receiver can then decrypt it with Bob’s public key. By decrypting the message with Bob’s public key, the receiver can be sure the message really came from Bob. A message can be decrypted with a public key only if the message was encrypted with the corresponding private key.
""

does bob have a single private key ..bobs public key is available to everyone. so if a Man in the middle picks up this data encrypted with bobs private key, can he use the bobs public key to open the lock?

or

does bob encrypt data with a different private key each time

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

shednik

Bob would have the same private key but would at least the way I did it in a course I had was used the public key of the recipient to encrypt and then sent it off. When she received the encrypted file using her private key was able to decrypt it. I do believe they are reversible where you can encrypt with your private and decrypt with your public as well but I don't know that 100%.

dynamik

Bob wouldn't use his private key to encrypt data. People use their own private key to sign data, not encrypt it. This ensures integrity/non-repudiation, but not confidentiality. As stated, his public key is public, so anyone who has that can view the data. Instead, he would use the recipients public key to encrypt the data since the only person who can decrypt that is the recipient, with his private key.

nanga

ohh ok..

so signing with ones private key is to prove non repudiation and not confidentiality.

So its just to say " dude i assure u this came from me and anyone having my public key can read the data"

shednik

I forgot to add that bob would use his private key to sign it which dynamik picked up the slack for me...oh how nice of him

shednik

nanga wrote:

So its just to say " dude i assure u this came from me and anyone having my public key can read the data"

EDIT: It can be done that way but I wouldn't want my encrypted data to be decrypted by a public key. I was taught the proper way would be you would encrypt the data with the recipients public key, digitally sign it saying it was from you with your private key. the recipient would use his/her private key to decrypt the data and you public key to verify it was form you.

LarryDaMan

dynamik wrote:

Bob wouldn't use his private key to encrypt data. People use their own private key to sign data, not encrypt it. This ensures integrity/non-repudiation, but not confidentiality. As stated, his public key is public, so anyone who has that can view the data. Instead, he would use the recipients public key to encrypt the data since the only person who can decrypt that is the recipient, with his private key.

Very good explanation. This is Security+ level material. You gotta have these concepts down cold if you are taking the CISSP.

nanga

yup thats bang on target...

susanj

nanga wrote:

Ok here is a scenario and after that there is a question on concept

""
Bob can encrypt data with his private key, and the receiver can then decrypt it with Bob’s public key. By decrypting the message with Bob’s public key, the receiver can be sure the message really came from Bob. A message can be decrypted with a public key only if the message was encrypted with the corresponding private key.
""

does bob have a single private key ..bobs public key is available to everyone. so if a Man in the middle picks up this data encrypted with bobs private key, can he use the bobs public key to open the lock?

or

does bob encrypt data with a different private key each time

It is possible to use an asymmetric cipher in that way in theory, but usually there is almost always a random generated key that is used to encrypt the data and then that random key is encrypted with the recipient public key. The recipient first decrypt the random key using his own private key and then that random key is used to decrypt data.

Using an asymmetric cipher alone is extremely slow and it's also less secure.