How Encryption Works.

Hey all .. I'm familiar with at least the basics of how encryption works. e.g. I'm familiar with the very simple Caesar Cipher, etc..

Also familiar with Public & Private keys, Symmetric and Asymmetric Algorithms, etc..

However, how are private and public keys created? Are there any open source encrypters? Any info on the advance side of how it works would be much appreciated! :-)

Thanks in advance,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

private and public keys are just a bunch of random bytes, they are meaningless per se.

for open source encryption take a look at PGP (Pretty Good Privacy)

Advanced info on how it works will not fit here so I would suggest you buy a  book on the subject, for example Applied Cryptography by Bruce Schneier.
A quick overview of the Key Generation process is something like the following...

1. Random Bytes are generated by the user.  Great care is taken to ensure they are RANDOM (time between keystrokes of random typing say - not just using the random generator from the clock).  If you can find out the original 'random seed(s)' that someone used to make their keys - you can effectively make another set of the same keys - including the private one.

2. These random bytes are then used to generate certain values that will be used to then generate the two keys (depending on the encryption method).  For example, with RSA encryption - it's usually something like 'the next pair of "safe" prime numbers after the chosen random value', where "safe" means that when these numbers are multiplied together, you can't easily factor them.  This isn't exact (and may be slightly wrong in the detail), but the premise is correct. The seeds are used to make 'N and P'.

3. When you have these values, you apply a certain mathematical process to these 'special values' to make your private and public keys.  You then destroy all knowledge of these values - as they can be used to generate the keys again.  You can't get back to these values from the keys without significant work (you could - if these numbers weren't thousands of digits long).

4. The private key is then usually encrypted AGAIN with a much more simple 'passphrase' encryption technique.  The idea being then that if someone finds your 2Kb key, they still can't use it until they decrypt it with your passphrase.  This encrypted private key is the file you get from PGP.

Again - it's a really brief overview and it doesn't detail the maths (look for full reports/books for that sort of stuff), but that's the general outline of what goes on in Key Generation!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
See the explanation...
How Public and Private Key Cryptography Works,,sid14_gci214299,00.html
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

You can use openssl to create keys. It runs under linux and as far as I know under windows, too.
Great site on encryption? Go to the inventors...

You can get anything you want; Code examples, architectures and forth


As alikoank said, Bruce Schneier is the man to read. Applied Cryptography is one of the bibles in this area. Vists his site at:

If you want to REALLY know about anything, look for it's weaknesses. Again, Bruce is the man:

The CISSP Study Guide by Shon Harris has a chapter on cryptography and covers the concepts very clearly and  conscisely. This chapter is actually available on-line as a sample and I'd highly recommend it since you're probably not gonna go out and buy a big textbook AKA-schneier. This is available from a site called which is a great infosec resource. You'll need to register. Once you've done this, go to the Downloads section and then select Cryptography where you'll find a PDF of this chapter as well as heaps of other cool stuff.

Hope that helps

> This is available from a site called which is a great infosec resource.
Great link...another site to ponder...thanks...;-)

When I stumbled on that site, resources for the CISSP were very few and far between. There's heaps more now, but Clement has done a brilliant job in bringing all this stuff together. Still haven't got my CISSP :), but learnt alot nonetheless. Someday I'll find the time...
Here's another one you may find useful:

DrWarezzAuthor Commented:
Hey, thanks alot all :-)

I will have a read over this all quite soon, and get back to you all -- thanks alot! :D

You may want to read through Sun's documentation as well.  They provide the following walk-through covering the Java 2 SDK 1.2 at (  Good Luck!

"Generate Public and Private Keys

    In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)

    In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.

    In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator class.

    In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.

    Generating a key pair requires several steps:

    Create a Key Pair Generator

        The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.

        As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. This method has two forms, both of which hava a String algorithm first argument; one form also has a String provider second argument.

        A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.

        Put the following statement after the

else try {

        line in the file created in the previous step, Prepare Initial Program Structure:

KeyPairGenerator keyGen =
    KeyPairGenerator.getInstance("DSA", "SUN");

    Initialize the Key-Pair Generator

        The next step is to initialize the key-pair generator. All key-pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.

        The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.

        The source of randomness must be an instance of the SecureRandom class. This example requests one that uses the SHA1PRNG pseudo-random-number generation algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom instance to the key-pair generator initialization method.

SecureRandom random =
    SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);

        Note: The SecureRandom implementation attempts to completely randomize the internal state of the generator itself unless the caller follows the call to the getInstance method with a call to the setSeed method. So if you had a specific seed value that you wanted used, you would call the following prior to the initialize call:


    Generate the Pair of Keys

        The final step is to generate the key pair and to store the keys in PrivateKey and PublicKey objects.

KeyPair pair = keyGen.generateKeyPair();
PrivateKey priv = pair.getPrivate();
PublicKey pub = pair.getPublic();"

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.