encryption mixup

Posted on 2013-11-20
Medium Priority
Last Modified: 2013-11-21
I'm trying to understand how encryption works.
This is my understanding. Symmetric key is the usage of the same key on both computers (sending computer and receiving computer). Pretty much a private key between the two, right?

Asymmetric key is the usage of two keys, public and private on each computer, right?

Now, I read two different articles online and each one has the data different.
When a sending computer encrypts a msg, it first encrypts the msg with its private key and then it encrypts it with a public key. Or is it the other way: the sending computer encrypts the msg with the public key and then with the private key?
Question by:MrMay

Expert Comment

ID: 39663351
It depends who you want to be able to read the message.

Author Comment

ID: 39663362
ozo... your answer does not answer my question.

Accepted Solution

Giovanni Heward earned 1000 total points
ID: 39663544
Symmetric (private-key) encryption is the sharing of a single key (password). You understand this correctly. It must be shared between all parties which require access to the data.

symmetric encrypt/decrypt process
Asymmetric (public-key) encryption means that one key is required to decrypt data encrypted by the other. So if I encrypt data using your public key, it can only be decrypted with your private key (cryptanalysis considerations aside).

asymmetric encrypt/decrypt process
Similarly, if you encrypt data with your private key, I can decrypt it using your public key. In practice, this is typically done to ensure non-repudiation and integrity (e.g. a hash or message digest).

One advantage of symmetric encryption is speed. It's ideal for large quantities of data. One disadvantage is the secure distribution of the private key. So best practice is to share the private key through an "out of band" method. So if you email the encrypted data, the key is shared via snail mail (for example).

One advantage of asymmetric encryption is the secure distribution of the public key, whereas a disadvantage would be efficiency when encrypting large data sets.

Perhaps you can see through this explanation that a hybrid approach is possible, using the strengths of both to your advantage. You encrypt a large data set using symmetric encryption, and then encrypt the private key using an asymmetric cipher.

If you want to play around with this, try CrypTool.

As you posted under TLS/SSL, here's a diagram of a TLS handshake:

TLS handshake

Author Comment

ID: 39663907
Ok, let's say that I encrypt a msg using my private key and I send the corresponding public key to Bob. How do I know that Bob will get that public key and not someone else (man in the middle attacker) pretending to be Bob?

Assisted Solution

ozo earned 1000 total points
ID: 39663922
You and Bob can both publish your public keys.
Then you can encrypt it with your private key and Bob's public key.
You can also digitally sign your published keys.

Expert Comment

by: Giovanni Heward
ID: 39666811
Here is a look at how message integrity controls and digital signatures fit into the overall process of transmitting information to ensure confidentiality, integrity, non-repudiation, and assurance of delivery. Now they actually have confidentiality, integrity, proof of origin, and proof of receipt.

Cryptography Summary

Alice wants to send a message to Bob and provide confidentiality, integrity, proof of origin and proof of receipt.

To protect the secrecy of her message contents, she uses a symmetric cipher to encrypt it. For that she uses a symmetric key. This produces a ciphertext message.

To protect the accuracy of the message, she uses a hashing algorithm that condenses the arbitrary-length message to a fixed-size message digest value.

To prove the message actually came from her, Alice signs the message by encrypting the hash value with her private key. The sum of the message digest encrypted with Alice's private key results in a digital signature.

This digital signature is then appended to the bottom of the symmetrically encrypted message. Now, in order for Bob to read, prove the origin, and check the accuracy of the message, he must reverse all of the encryption done above.

To read the message, Bob needs a copy of the symmetric key. Alice encrypts it using asymmetric encryption and encrypts the symmetric key with Bob's public key, producing a ciphertext key.

Bob decrypts the ciphertext key with his private key to give him his copy of the symmetric key.

Bob uses the symmetric key to decrypt the message with that key and read it.

Bob decrypts Alice's digital signature using Alice's public key. Once the decryption process is complete, he is left with the message digest.

But he has yet to prove the integrity of the message or the proof of origin. He must prove the message digest value is correct. To do this, Bob must rehash the message that he has received and decrypted.

If the message digest that he generates from the message matches the message digest that he decrypted from Alice's digital signature, then he has proof of integrity and proof of origin.

To prove that he received the actual message Alice sent, Bob re-encrypts the message digest with his private key, which will result in his digital signature.

Bob sends his digital signature back to Alice.

Alice decrypts Bob's digital signature using his public key to produce the message digest.

She compares the message digest she just received to the message digest she originally generated. If these two message digests match, then she has proven that her message was received by Bob (proof of receipt) in its correct format (proof of integrity).
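The exchange in Giovanni's summary above, together with the hybrid scheme from the accepted answer, as an added example in Go (not code from the thread or from any poster) using only the standard library: AES-GCM for the message, RSA-OAEP to wrap the symmetric key for Bob, and RSA PKCS#1 v1.5 signatures over a SHA-256 digest for Alice's proof of origin and Bob's proof of receipt. The Envelope layout, the function names and the 2048-bit key size are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what Alice sends Bob (assumed layout): AES-GCM ciphertext, the AES key wrapped for Bob, Alice's signature.
type Envelope struct{ Nonce, Ciphertext, WrappedKey, Signature []byte }
// GenKey makes one party's RSA key pair (2048 bits is assumed for the example).
func GenKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Seal is Alice's side: encrypt under a fresh AES key, wrap that key with Bob's
// PUBLIC key, and sign the SHA-256 digest of the message with her PRIVATE key.
func Seal(m []byte, alice *rsa.PrivateKey, bob *rsa.PublicKey) (Envelope, error) {
	key, nonce := make([]byte, 32), make([]byte, 12) // fresh for every message
	rand.Read(key)
	rand.Read(nonce)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bob, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	digest := sha256.Sum256(m)
	sig, err := rsa.SignPKCS1v15(rand.Reader, alice, crypto.SHA256, digest[:])
	return Envelope{nonce, gcm.Seal(nil, nonce, m, nil), wrapped, sig}, err
}
// Open is Bob's side: unwrap with his PRIVATE key, decrypt, rehash, verify with Alice's PUBLIC key, then sign the digest as his receipt.
func Open(e Envelope, bob *rsa.PrivateKey, alice *rsa.PublicKey) ([]byte, []byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, bob, e.WrappedKey, nil)
	if err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	m, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil {
		return nil, nil, err // ciphertext was altered in transit
	}
	digest := sha256.Sum256(m)
	if err := rsa.VerifyPKCS1v15(alice, crypto.SHA256, digest[:], e.Signature); err != nil {
		return nil, nil, err // not signed with Alice's private key
	}
	receipt, err := rsa.SignPKCS1v15(rand.Reader, bob, crypto.SHA256, digest[:])
	return m, receipt, err
}
```

Alice's last step, checking Bob's receipt, is the same rsa.VerifyPKCS1v15 call Bob uses, run under Bob's public key over the digest of the message she sent. Note which key does what: only Bob's private key unwraps the symmetric key, and only Alice's private key can produce a signature that verifies under her public key, which answers the ordering question at the top of the thread.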
