How Encryption Works.

Posted on 2004-11-23
Last Modified: 2010-04-11
Hey all .. I'm familiar with at least the basics of how encryption works. e.g. I'm familiar with the very simple Caesar Cipher, etc..

Also familiar with Public & Private keys, Symmetric and Asymmetric Algorithms, etc..

However, how are private and public keys created? Are there any open source encrypters? Any info on the advanced side of how it works would be much appreciated! :-)

Thanks in advance,
Question by:DrWarezz
    LVL 4

    Assisted Solution

    private and public keys are just a bunch of random bytes, they are meaningless per se.

    for open source encryption take a look at PGP (Pretty Good Privacy)

    Advanced info on how it works will not fit here so I would suggest you buy a book on the subject, for example Applied Cryptography by Bruce Schneier.
    LVL 2

    Accepted Solution

    A quick overview of the Key Generation process is something like the following...

    1. Random Bytes are generated by the user.  Great care is taken to ensure they are RANDOM (time between keystrokes of random typing say - not just using the random generator from the clock).  If you can find out the original 'random seed(s)' that someone used to make their keys - you can effectively make another set of the same keys - including the private one.

    2. These random bytes are then used to generate certain values that will be used to then generate the two keys (depending on the encryption method).  For example, with RSA encryption - it's usually something like 'the next pair of "safe" prime numbers after the chosen random value', where "safe" means that when these numbers are multiplied together, you can't easily factor them.  This isn't exact (and may be slightly wrong in the detail), but the premise is correct. The seeds are used to make 'N and P'.

    3. When you have these values, you apply a certain mathematical process to these 'special values' to make your private and public keys.  You then destroy all knowledge of these values - as they can be used to generate the keys again.  You can't get back to these values from the keys without significant work (you could - if these numbers weren't thousands of digits long).

    4. The private key is then usually encrypted AGAIN with a much more simple 'passphrase' encryption technique.  The idea being then that if someone finds your 2Kb key, they still can't use it until they decrypt it with your passphrase.  This encrypted private key is the file you get from PGP.

    Again - it's a really brief overview and it doesn't detail the maths (look for full reports/books for that sort of stuff), but that's the general outline of what goes on in Key Generation!
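
Steps 1 to 3 of the answer above, as an added example that is not part of the original post: textbook RSA key generation in Python, where `random.Random(seed)` is a deliberately predictable stand-in for the user's random bytes, so reusing the seed reproduces the private key. The function names, the 512-bit size and e = 65537 are choices made for this illustration; real keys come from an OS CSPRNG and a vetted library.

```python
import random
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed small-prime bases (adequate for a demo)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness: n is composite
    return True

def next_prime(n):
    n |= 1                        # step 2: first prime at or after the random value
    while not is_probable_prime(n):
        n += 2
    return n

def generate_keypair(seed, bits=512, e=65537):
    """Steps 1-3: seed -> random start values -> primes p, q -> (public, private)."""
    rng = random.Random(seed)     # NOT a CSPRNG: models a seed an observer could learn
    half = bits // 2
    while True:
        p = next_prime(rng.getrandbits(half) | (1 << (half - 1)))
        q = next_prime(rng.getrandbits(half) | (1 << (half - 1)))
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)           # private exponent; anyone holding p and q can redo this
    return (p * q, e), (p * q, d) # p, q and phi are discarded here (step 3)

def roundtrip(seed, message=42):
    (n, e), (_, d) = generate_keypair(seed)
    return pow(pow(message, e, n), d, n)   # encrypt with public, decrypt with private
```

Calling `generate_keypair` twice with the same seed returns the same private exponent, which is why step 1 insists on unpredictable input and step 3 on destroying the intermediate values.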
    LVL 7

    Assisted Solution

    See the explanation...
    How Public and Private Key Cryptography Works,,sid14_gci214299,00.html
    LVL 87

    Assisted Solution

    You can use openssl to create keys. It runs under linux and as far as I know under windows, too.
    LVL 15

    Assisted Solution

    Great site on encryption? Go to the inventors...

    You can get anything you want; Code examples, architectures and so forth


    LVL 2

    Assisted Solution

    As alikoank said, Bruce Schneier is the man to read. Applied Cryptography is one of the bibles in this area. Visit his site at:

    If you want to REALLY know about anything, look for its weaknesses. Again, Bruce is the man:

    The CISSP Study Guide by Shon Harris has a chapter on cryptography and covers the concepts very clearly and concisely. This chapter is actually available on-line as a sample and I'd highly recommend it since you're probably not gonna go out and buy a big textbook AKA-schneier. This is available from a site called which is a great infosec resource. You'll need to register. Once you've done this, go to the Downloads section and then select Cryptography where you'll find a PDF of this chapter as well as heaps of other cool stuff.

    Hope that helps

    LVL 7

    Expert Comment

    > This is available from a site called which is a great infosec resource.
    Great link...another site to ponder...thanks...;-)
    LVL 2

    Expert Comment


    When I stumbled on that site, resources for the CISSP were very few and far between. There's heaps more now, but Clement has done a brilliant job in bringing all this stuff together. Still haven't got my CISSP :), but learnt a lot nonetheless. Someday I'll find the time...
    Here's another one you may find useful:

    LVL 9

    Author Comment

    Hey, thanks a lot all :-)

    I will have a read over this all quite soon, and get back to you all -- thanks a lot! :D

    LVL 1

    Assisted Solution

    You may want to read through Sun's documentation as well.  They provide the following walk-through covering the Java 2 SDK 1.2 at (  Good Luck!

    "Generate Public and Private Keys

        In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

        In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

        In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator class.

        In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.

        Generating a key pair requires several steps:

        Create a Key Pair Generator

            The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.

            As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. This method has two forms, both of which have a String algorithm first argument; one form also has a String provider second argument.

            A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.

            Put the following statement after the

    else try {

            line in the file created in the previous step, Prepare Initial Program Structure:

    KeyPairGenerator keyGen =
        KeyPairGenerator.getInstance("DSA", "SUN");

        Initialize the Key-Pair Generator

            The next step is to initialize the key-pair generator. All key-pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.

            The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.

            The source of randomness must be an instance of the SecureRandom class. This example requests one that uses the SHA1PRNG pseudo-random-number generation algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom instance to the key-pair generator initialization method.

    SecureRandom random =
        SecureRandom.getInstance("SHA1PRNG", "SUN");
    keyGen.initialize(1024, random);

            Note: The SecureRandom implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to the getInstance method with a call to the setSeed method. So if you had a specific seed value that you wanted used, you would call the following prior to the initialize call:


        Generate the Pair of Keys

            The final step is to generate the key pair and to store the keys in PrivateKey and PublicKey objects.

    KeyPair pair = keyGen.generateKeyPair();
    PrivateKey priv = pair.getPrivate();
    PublicKey pub = pair.getPublic();"

