[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
Solved

# How Encryption Works.

Posted on 2004-11-23
Medium Priority
773 Views
Hey all .. I'm familiar with at least the basics of how encryption works. e.g. I'm familiar with the very simple Caesar Cipher, etc..

Also familiar with Public & Private keys, Symmetric and Asymmetric Algorithms, etc..

However, how are private and public keys created? Are there any open source encrypters? Any info on the advance side of how it works would be much appreciated! :-)

[r.D]
0
Question by:DrWarezz

LVL 4

Assisted Solution

alikoank earned 284 total points
ID: 12659347
private and public keys are just a bunch of random bytes, they are meaningless per se.

for open source encryption take a look at PGP (Pretty Good Privacy)

Advanced info on how it works will not fit here so I would suggest you buy a  book on the subject, for example Applied Cryptography by Bruce Schneier.
0

LVL 2

Accepted Solution

Telumehtar earned 292 total points
ID: 12660472
A quick overview of the Key Generation process is something like the following...

1. Random Bytes are generated by the user.  Great care is taken to ensure they are RANDOM (time between keystrokes of random typing say - not just using the random generator from the clock).  If you can find out the original 'random seed(s)' that someone used to make their keys - you can effectively make another set of the same keys - including the private one.

2. These random bytes are then used to generate certain values that will be used to then generate the two keys (depending on the encryption method).  For example, with RSA encryption - it's usually something like 'the next pair of "safe" prime numbers after the chosen random value', where "safe" means that when these numbers are multiplied together, you can't easily factor them.  This isn't exact (and may be slightly wrong in the detail), but the premise is correct. The seeds are used to make 'N and P'.

3. When you have these values, you apply a certain mathematical process to these 'special values' to make your private and public keys.  You then destroy all knowledge of these values - as they can be used to generate the keys again.  You can't get back to these values from the keys without significant work (you could - if these numbers weren't thousands of digits long).

4. The private key is then usually encrypted AGAIN with a much more simple 'passphrase' encryption technique.  The idea being then that if someone finds your 2Kb key, they still can't use it until they decrypt it with your passphrase.  This encrypted private key is the file you get from PGP.

Again - it's a really brief overview and it doesn't detail the maths (look for full reports/books for that sort of stuff), but that's the general outline of what goes on in Key Generation!
0

LVL 7

Assisted Solution

shahrial earned 284 total points
ID: 12662457
See the explanation...
How Public and Private Key Cryptography Works
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214299,00.html
...;-)
0

LVL 88

Assisted Solution

rindi earned 284 total points
ID: 12662957
You can use openssl to create keys. It runs under linux and as far as I know under windows, too.
0

LVL 15

Assisted Solution

Cyber-Dude earned 284 total points
ID: 12663113
Great site on encryption? Go to the inventors...

http://www.rsasecurity.com/content_library.asp

You can get anything you want; Code examples, architectures and forth

Enjoy

Cyber
0

LVL 2

Assisted Solution

mellowmarquis earned 284 total points
ID: 12664400
As alikoank said, Bruce Schneier is the man to read. Applied Cryptography is one of the bibles in this area. Vists his site at: http://www.schneier.com

If you want to REALLY know about anything, look for it's weaknesses. Again, Bruce is the man:
http://www.schneier.com/paper-pki-ft.txt

The CISSP Study Guide by Shon Harris has a chapter on cryptography and covers the concepts very clearly and  conscisely. This chapter is actually available on-line as a sample and I'd highly recommend it since you're probably not gonna go out and buy a big textbook AKA-schneier. This is available from a site called www.cccure.org which is a great infosec resource. You'll need to register. Once you've done this, go to the Downloads section and then select Cryptography where you'll find a PDF of this chapter as well as heaps of other cool stuff.

http://www.cccure.org/Documents/Cryptography/cisspallinone.pdf

Hope that helps
:)

0

LVL 7

Expert Comment

ID: 12665007
mellowmarquis,
> This is available from a site called www.cccure.org which is a great infosec resource.
0

LVL 2

Expert Comment

ID: 12665353
Shahrial,

When I stumbled on that site, resources for the CISSP were very few and far between. There's heaps more now, but Clement has done a brilliant job in bringing all this stuff together. Still haven't got my CISSP :), but learnt alot nonetheless. Someday I'll find the time...
Here's another one you may find useful:

http://www.securitydocs.com/

Cheers
0

LVL 9

Author Comment

ID: 12666238
Hey, thanks alot all :-)

I will have a read over this all quite soon, and get back to you all -- thanks alot! :D

[r.D]
0

LVL 1

Assisted Solution

DeltaFix earned 288 total points
ID: 12683131
You may want to read through Sun's documentation as well.  They provide the following walk-through covering the Java 2 SDK 1.2 at (http://java.sun.com/docs/books/tutorial/security1.2/apisign/step2.html).  Good Luck!

"Generate Public and Private Keys

In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator class.

In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.

Generating a key pair requires several steps:

Create a Key Pair Generator

The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.

As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. This method has two forms, both of which hava a String algorithm first argument; one form also has a String provider second argument.

A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.

Put the following statement after the

else try {

line in the file created in the previous step, Prepare Initial Program Structure:

KeyPairGenerator keyGen =
KeyPairGenerator.getInstance("DSA", "SUN");

Initialize the Key-Pair Generator

The next step is to initialize the key-pair generator. All key-pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.

The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.

The source of randomness must be an instance of the SecureRandom class. This example requests one that uses the SHA1PRNG pseudo-random-number generation algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom instance to the key-pair generator initialization method.

SecureRandom random =
SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);

Note: The SecureRandom implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to the getInstance method with a call to the setSeed method. So if you had a specific seed value that you wanted used, you would call the following prior to the initialize call:

random.setSeed(seed);

Generate the Pair of Keys

The final step is to generate the key pair and to store the keys in PrivateKey and PublicKey objects.

KeyPair pair = keyGen.generateKeyPair();
PrivateKey priv = pair.getPrivate();
PublicKey pub = pair.getPublic();"

Reference:
http://java.sun.com/docs/books/tutorial/security1.2/apisign/step2.html
0

## Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question