symmetric vs assymetric keys

i understand the concept well but then the scenario below is confusing. this is out of the text book. i understand what they are saying and makes sense but what is stopping the bad guy from also sending an encrypted email with his private key? also i thought private keys were to be not sent out?

******
For example, consider the following scenario. There are three people on a network—
Bob, Susan, and Badguy—using asymmetric encryption. Susan wishes to send an encrypted
message to Bob and asks for a copy of his public key. Bob sees this request, and
so does Badguy. Both send her a public key that says “Bob’s Public Key.” Susan is now
confused, because she does not know which key is the real one. So how can they prove
to each other exactly who they are? How can Bob send a public key to Susan and have
her, with some semblance of certainty, know it’s actually from him?

The answer, of course, is for Bob to send a message from his system encrypted with
his private key. Susan can then attempt to decrypt the message using both public keys.
The one that works must be Bob’s actual public key because it’s the only key in the
world that could open a message encrypted with his private key. Susan, now happy with
the knowledge she has the correct key, merrily encrypts the message and sends it on.

Bob receives it, decrypts it with his private key, and reads the message. Meanwhile, Badguy
weeps in a corner, cursing the cleverness of the asymmetric system.

Find more posts tagged with

Comments

SecurityThroughObscurity

So there is coming up PKI.
CA issues digital certificates for Bob and Susan that binds their public keys with respective user identities.
So they can prove to each other who they are.

Spaced

No one is sending out a private key in this scenario. The point is that only Bob's public key can decrypt the message encrypted with his private key. If she tries to decrypt his message with bad guy's public IT won't work. Although you've right. If she couldn't tell who sent the public key how would she know who sent the encrypted message if both Bob and bad guy send one. She would be able to decrypt both an still not know who is who. Can't certificates authorities do some sort of validation of the owner of the public keys though?

EDIT: sorry I didn't see the reply above me. The CA would validate ownership of the public key.

Darril

Welcome to the forums mrbinary. Here are some key points to remember about keys used with asymmetric encryption:

If the public key encrypts information, only the matching private key can decrypt the same information.
If the private key encrypts information, only the matching public key can decrypt the same information.
Private keys are always kept private and never shared.
Public keys are freely shared by embedding them in a certificate.

As mentioned by the other two replies, the CA verifies the certificate (and in turn the public key).

mrbinary wrote: »

The answer, of course, is for Bob to send a message from his system encrypted with his private key.

Not sure if that's the answer from the book, but it isn't accurate. A "message" isn't encrypted with a private key because it wouldn't ensure confidentiality. Anyone with the public key can decrypt it and anyone can get the public key because it is shared publicly via the certificate. Within an organization, systems are able to retrieve certificates from an internal CA which provides them with other user's public keys.

When exchanging data privately, two users can exchange certificates prior to sending encrypted data.

As an overview, here's how the keys are used in two different instances:

E-mail digital signatures

The sender’s private key encrypts (or signs) a hash of the message.
The sender’s public key decrypts the hash of the message

E-mail encryption

The recipient’s public key encrypts the message
The recipient’s private key decrypts the message

It's important to realize that these are two completely separate instances. An email can be encrypted only, digitally signed only, or encrypted and digitally signed.

Hope this helps.

mrbinary

thanks for all the replies, my main confusion was how come the badguy cna't also send a private key, how will susan really know who sent the real private key. i guess i have further reading to do the next section talks about the CA and it probabaly overlooks this part.

thanks guys.

teancum144

mrbinary wrote: »

Bob sees this request, and so does Badguy. Both send her a public key that says “Bob’s Public Key.” Susan is now confused, because she does not know which key is the real one.

Just a few additional thoughts. I see two possibilities:

Badguy has sent Susan a counterfeit public key attributed to Bob, or
Badguy has obtained a copy of Bob's legitimate public key and has sent it to Susan

.In case #1, as SecurityThroughObscurity indicates, the counterfeit public key would be discovered by validating it with the CAIn case #2, after both are validated with the CA, Susan could encrypt a small amount of text with the Bob's public key, ask the Bobs to decrypt it and reply with the message in clear text. Only the real Bob would be able to do so because only the real bob will have the corresponding private key.

Spaced

Thanks for the clarification teancum 144. I am just barely scratching the surface with security info and your explanation helped me better understand this.

mrbinary

i kind of get it, so all this is possible only if a CA is used. i understand teancums explanation but can you also explain

"How can Bob send a public key to Susan and have
her, with some semblance of certainty, know it’s actually from him?

The answer, of course, is for Bob to send a message from his system encrypted with
his private key. Susan can then attempt to decrypt the message using both public keys."

WHAT IS STOPPING the bad guy from also attempting this? the author fails to mention that scenario or am i missing the obvious? also why is the private key being sent out or is it not being sent out just used to encrypt the message?

thanks again guys.

teancum144

mrbinary wrote: »

WHAT IS STOPPING the bad guy from also attempting this?

As Darril alluded, digital signature is used to authenticate the sender.

The sender encrypts a small piece of text (typically a hash of the message) with his private key (this creates the sender's digital signature).
The receiver decrypts this text with the sender's public key (the public key has been previously verified by the CA).
If the receiver can decrypt the text, only the matching private key could have encrypted it (authenticating the sender).

mrbinary wrote: »

why is the private key being sent out or is it not being sent out just used to encrypt the message?

The private key is never sent out.

mrbinary

got it thanks. now a question regarding the below. who is the HE they are referring to here. should it not have been the CA instead of he?

Bob applied for his digital certificate through the CA and anxiously
awaits an answer. The cert arrives and Bob notices two things: First, the certificate itself
is encrypted. Second, the CA provided a copy of its own public key. Confused, he asks
his security person what this all means.

Bob learns this method is used to deliver the cert to the individual safely and securely,
and also provides a means for Bob to be absolutely certain the cert came from the
CA and not from some outside bad guy.

How so? The cert was encrypted by the CA
before he sent it using the CA’s private key. Because the only key in existence that could
possibly decrypt it is the CA’s own public key, which is readily available to anyone, Bob
can rest assured he has a valid cert.

paul78

Is Bob having an affair with Susan? I thought he was with Alice? And it was Eve that they were trying to avoid

- Sorry lame joke but hopefully someone got it.

Anyways -- I wanted to clarify one thing. I realize that the topic of a certificate authority came up. But in the actual scenario provided by @MyBinary - the authenticity is not necessarily performed by a certificate authority. A public key that is signed by a certificate authority is commonly called a certificate. The scenario above is a little different. Is presumes that there is a pre-shared secret (I.e. the message that Bob sends to Susan) that is used to authenticate the public key.

While my following example is not quite technically complete - an example would be how SSH works. With SSH - there is no CA required. Assume that Susan is the SSH client and Bob is the SSH server. If Susan makes a first time initial contact with Bob using SSH, a public key fingerprint (i.e. the message) is presented by Bob to Susan (that would be analogous to the encrypted message in the scenario). The fingerprint is then verified between Bob and Susan. Only Bob's private key can encrypt and generate the fingerprint which can be decrypted by Bob's real public key. If BadGuy send her public key, the fingerprint would be different. In SSH, Susan would then store the Bob's public key for future communications.

teancum144

mrbinary wrote: »

who is the HE they are referring to here. should it not have been the CA instead of he?

I don't think the example you provided is typical. For example, a digital certificate can be obtained for free via PGP (Pretty Good Privacy). Gnu Privacy Guard (GPG) is widely accepted PGP implementation. Here a summary of the process:

Download PGP software
Verify the authenticity/integrity of the software using hasing
Use the locally installed, trusted software to generate a digital certificate (public/private key pair)
Export the public key to to a public key server, or publish it on your webpage
No one knows your private key except you

You can also pay commercial CAs (e.g. Verisign) for an individual end-entity certificate. You would download their software, generate the key pair and export the certificate back to them. The examples you've provided so far haven't been very good. I suggest purchasing Darril Gibson's book or the Conklin/White book.

mrbinary

thanks guys,

i have my security+ obtained reading darill gibson book. this is the cehv7 i am now pursuing reading CEH Certified Ethical Hacker All-in-One Exam Guide authoer matt walker. just was confused by his scenario so i thought i get clarification here.

teancum144

mrbinary wrote: »

i have my security+ obtained reading darill gibson book. this is the cehv7 i am now pursuing reading CEH Certified Ethical Hacker All-in-One Exam Guide authoer matt walker. just was confused by his scenario so i thought i get clarification here.

No problem. Fyi, TechExams.net has a CEH forum here: EC-Council CEH and CHFI Forums

mrbinary

thanks for the reply Darril, just a few question in RED.

When exchanging data privately, two users can exchange certificates prior to sending encrypted data.

As an overview, here's how the keys are used in two different instances:

E-mail digital signatures

The sender’s private key encrypts (or signs) a hash of the message.
The sender’s public key decrypts the hash of the message (How does the recipient get the senders public key if they are doing this without a CA? Can and should it be done?)

E-mail encryption

The recipient’s public key encrypts the message (How does the recipient give the sender his public key if they are doing this without a CA? Can and should it be done?)
The recipient’s private key decrypts the message

It's important to realize that these are two completely separate instances. An email can be encrypted only, digitally signed only, or encrypted and digitally signed.

Hope this helps.[/QUOTE]