Public/Private Keys question

Question for the gurus......
When using Asymmetric encryption to send a message to someone, do you always use your Private key to encrypt, or do you sometimes use the public key of the recipient? I'm studying for the exam ( plan on taking it next week) and this is a bit confusing.....

Find more posts tagged with

Comments

apena7

Simple scenario: everyone has a public key and a private key. If I want to encrypt something and send it to you, I would encrypt it using your public key. In order for you to decrypt it, you would use your private key.

rsutton

apena7 wrote: »

Simple scenario: everyone has a public key and a private key. If I want to encrypt something and send it to you, I would encrypt it using your public key. In order for you to decrypt it, you would use your private key.

Isn't that backwards? Don't you encrypt it with the private key and the recipient decrypts it with the public key?

dynamik

If you're sending confidential information to someone, you would use their public key since the only thing that could decrypt it would be their private key. If you used your private key, anyone who had your public key could decrypt it, which is not what you want if you're trying to maintain confidentiality.

However, that is a typical scenario for signing. You might care only about maintaining the integrity of information, and you would then sign it with your private key, so anyone with your public key could verify the integrity with your public key.

You can also simultaneously encrypt with the other party's public key and sign with your private key.

veritas_libertas

Exactly = Public-key cryptography - Wikipedia, the free encyclopedia

dorawe

OK, you guys are making my head hurt..........let's see if I have this straight, use the public key of the recipient to encrypt a message, or use my private key to digitally sign (no encryption of msg data)?

Darril

Great question. Yes, you have it right.

Just to add a little to what others have said.

Encrypting data. Data is encrypted with the receiver's public key and decrypted with the receiver's private key. Since no one else has the private key, no one else can decrypt the data even if it's sent over a public network like the Internet.
This blog entry discusses how SSL uses asymmetric encryption this way.
Security Plus: Get Certified Get Ahead: SSL, OCSP vs CRL

Digital signatures. A hash of the message is encrypted with the sender's private key. The receiver can then decrypt the hash with the sender's public key. The public key will only decrypt data encrypted with the matching private key so if the public key decrypted it, you know it was encrypted with the matching private key and you know it was sent by that user.
This blog entry discusses digital signatures.
Security Plus: Get Certified Get Ahead: Digital Signatures

HTH,

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson

dorawe wrote: »

OK, you guys are making my head hurt..........let's see if I have this straight, use the public key of the recipient to encrypt a message, or use my private key to digitally sign (no encryption of msg data)?

ilcram19-2

in email encryption
the most common mistake i see is the belief that possessing an email encryption centificate means that you can send encrypted email to any one in your address book and actually it is the opposite. possessing an email certificate means that maybe, just maybe, some one out there can send ""you"" an encrypted message. That is only if they can retrive your email certificate from some directory.

same thing is applied to any other sort of file encryption since only the person who has your certificate will be able to encrypt it and ""you"" will be the only one decrypting it with you private key

digital sign means that you are sending "your" certificate (public key) to a recipient

encrypting means that you are encrypting email with "someone elses" certificate (public key)

dorawe

Thanks guys..........the nor'easter is pounding, so I'm going to work from home.