public key

How does a public key  avoid the security risk posed by having users share secret keys the key is public  what prevents a cracker from using the public key to decrypt the message?
teeraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dennis_georgeCommented:
Have you read the concepts of public key encryption???

Normaly in asymmetric encryption decryption is done by private-key not public key... so no one but the intended recipient will be able to decrypt the message...

i.e. In a communication between X and Y, X will encrypt msg with Ys public key and send to Y. Y will be able to decrypt message with his private key.

0
jhanceCommented:
With a public key encryption system there is also the PRIVATE key.  Something encrypted with the public key can only be decrypted with the private key.  So even though anyone may be able to get the public key and encrypt with it, having it is of no help in decrpytion.  That makes this a very useful technique, it's also why it's very important to keep the private key private.

This is called an ASYMMERIC cryptosystem since DIFFERENT keys are used for encryption vs. decryption.  Contrast that with SYMMETRIC system (like the widely used DES algorithm) where the SAME key is used for both encryption and decryption.

There are valid uses for both...
0
TolomirAdministratorCommented:
A more detailed information can be found here: http://en.wikipedia.org/wiki/Public_key

Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.

The term asymmetric key cryptography is a synonym for public key cryptography in most cases. However, there are asymmetric key encryption algorithms which do not have the public key-private key property noted above. For these algorithms, both keys must be kept secret.

In public key cryptography, the private key is generally kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be possible to deduce the private key of a pair given the public key.

There are many forms of public key cryptography, including:

    * public key encryption — keeping a message secret from anyone that does not possess a specific private key.
    * public key digital signature — allowing anyone to verify that a message was created with a specific private key.
    * key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.

Typically, public key techniques are much more computationally intensive than purely symmetric algorithms, but the judicious use of these techniques enables a wide variety of applications.

(....more to read, please follow the link)

Tolomir
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

hfernCommented:
The public key is used to encrypt and the private key is used to decrypt. You can give your public key to anyone and it will only mean that they are then able to encrypt a message mean for you. Your private key you keep to yourself as this is the key to decrypt. If you do not give your privatekey to anyone then no one but you will be able to decrypt the messages encrypted with your public key.
0
jhanceCommented:
>>The public key is used to encrypt and the private key is used to decrypt

Actually it can go either way.  Either key can be used to encrypt and the OTHER key will decrypt.  Typical practice is to use the PUBLIC key to encrypt and the private key to decrypt.  But other scenarios use the PRIVATE key to encrypt.  For example if you wish to prove you sent something, you can encrypt it with your private key.  Then people who decrypt it with your public key can know you encrypted it since only you (presumably) have the private key.
0
dennis_georgeCommented:
>> For example if you wish to prove you sent something, you can encrypt it with your private key.
I think in that scenario we use "digital signatures" instead of encrypting the message itself with the private key...  So you encrypt the message for security and use digital signatures for authenticity...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.