Learn how to a build a cloud-first strategyRegister Now

x
Solved

public key

Posted on 2006-04-22
Medium Priority
291 Views
How does a public key  avoid the security risk posed by having users share secret keys the key is public  what prevents a cracker from using the public key to decrypt the message?
0
Question by:teera

LVL 5

Assisted Solution

dennis_george earned 400 total points
ID: 16514765
Have you read the concepts of public key encryption???

Normaly in asymmetric encryption decryption is done by private-key not public key... so no one but the intended recipient will be able to decrypt the message...

i.e. In a communication between X and Y, X will encrypt msg with Ys public key and send to Y. Y will be able to decrypt message with his private key.

0

LVL 32

Assisted Solution

jhance earned 400 total points
ID: 16515065
With a public key encryption system there is also the PRIVATE key.  Something encrypted with the public key can only be decrypted with the private key.  So even though anyone may be able to get the public key and encrypt with it, having it is of no help in decrpytion.  That makes this a very useful technique, it's also why it's very important to keep the private key private.

This is called an ASYMMERIC cryptosystem since DIFFERENT keys are used for encryption vs. decryption.  Contrast that with SYMMETRIC system (like the widely used DES algorithm) where the SAME key is used for both encryption and decryption.

There are valid uses for both...
0

LVL 27

Accepted Solution

Tolomir earned 400 total points
ID: 16516796
A more detailed information can be found here: http://en.wikipedia.org/wiki/Public_key

Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.

The term asymmetric key cryptography is a synonym for public key cryptography in most cases. However, there are asymmetric key encryption algorithms which do not have the public key-private key property noted above. For these algorithms, both keys must be kept secret.

In public key cryptography, the private key is generally kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be possible to deduce the private key of a pair given the public key.

There are many forms of public key cryptography, including:

* public key encryption — keeping a message secret from anyone that does not possess a specific private key.
* public key digital signature — allowing anyone to verify that a message was created with a specific private key.
* key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.

Typically, public key techniques are much more computationally intensive than purely symmetric algorithms, but the judicious use of these techniques enables a wide variety of applications.

Tolomir
0

LVL 3

Assisted Solution

hfern earned 200 total points
ID: 16557706
The public key is used to encrypt and the private key is used to decrypt. You can give your public key to anyone and it will only mean that they are then able to encrypt a message mean for you. Your private key you keep to yourself as this is the key to decrypt. If you do not give your privatekey to anyone then no one but you will be able to decrypt the messages encrypted with your public key.
0

LVL 32

Assisted Solution

jhance earned 400 total points
ID: 16558523
>>The public key is used to encrypt and the private key is used to decrypt

Actually it can go either way.  Either key can be used to encrypt and the OTHER key will decrypt.  Typical practice is to use the PUBLIC key to encrypt and the private key to decrypt.  But other scenarios use the PRIVATE key to encrypt.  For example if you wish to prove you sent something, you can encrypt it with your private key.  Then people who decrypt it with your public key can know you encrypted it since only you (presumably) have the private key.
0

LVL 5

Assisted Solution

dennis_george earned 400 total points
ID: 16567488
>> For example if you wish to prove you sent something, you can encrypt it with your private key.
I think in that scenario we use "digital signatures" instead of encrypting the message itself with the private key...  So you encrypt the message for security and use digital signatures for authenticity...
0

Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…