Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: Confused about the logic of public key encryption

  1. #1
    Join Date
    Oct 2011
    Beans
    63

    Question Confused about the logic of public key encryption

    I've read several books that mention and try to explain public key encryption, but I simply don't get it on a logical level. It seems like publishing a code integral to security is counter-productive, and I don't see what private keys have to do with anything. I'd like an explanation that isn't full of technical details on how to do it; like an analogy that explains how it works and then tying the technical stuff in. This is just a mental block, I don't want a tutorial with loads of command-line.

  2. #2
    Join Date
    Aug 2008
    Beans
    1,835
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Confused about the logic of public key encryption

    Quote Originally Posted by Cu Rua View Post
    I've read several books that mention and try to explain public key encryption, but I simply don't get it on a logical level. It seems like publishing a code integral to security is counter-productive, and I don't see what private keys have to do with anything. I'd like an explanation that isn't full of technical details on how to do it; like an analogy that explains how it works and then tying the technical stuff in. This is just a mental block, I don't want a tutorial with loads of command-line.
    The private keys are required to decrypt messages encrypted using the public keys. The system relies on mathemical functions that have inverses that are very difficult to compute in any plausible timeframe. I want to send you a message that only you can read? You send me your public key which I use to encrypt the message. You receive the message and can decrypt it using the private key. If the encryption algorithm is good, no one can derive the private key from the public key.

  3. #3
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,807

    Re: Confused about the logic of public key encryption

    Quote Originally Posted by Cu Rua View Post
    I've read several books that mention and try to explain public key encryption, but I simply don't get it on a logical level. It seems like publishing a code integral to security is counter-productive, and I don't see what private keys have to do with anything. I'd like an explanation that isn't full of technical details on how to do it; like an analogy that explains how it works and then tying the technical stuff in. This is just a mental block, I don't want a tutorial with loads of command-line.
    http://www.security4noobs.com/pki/pki-101/

    http://www.security4noobs.com/pki/pki-102/
    Feel Free to Bitcoin Tip: 135Rp4pwwYTHEJ4u8bxKaDQiC91N9LUoV2

    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  4. #4
    Join Date
    Oct 2011
    Beans
    63

    loads more questions...

    So if each public key type has its own algorithm, and it's applied to all the public and private keys of that type, wouldn't cracking that algorithm release all the private keys of that sort, like figuring out a credit card number algorithm? Exactly how much time would it take to crack one?
    Also, if certificates go all the way up to, say, a government agency, wouldn't they automatically have privileged access to all their private keys and therefore any information sent using them? What keeps the top people under control?
    Does the spirit of open source apply to key making? What sort of people/companies supply keys?

  5. #5
    Join Date
    Jul 2010
    Location
    /run/shm
    Beans
    825
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: Confused about the logic of public key encryption

    There is also a element called a "seed", basically some random information that is being manipulated with those algorithms, if you don't know the seed, you can't get the keys.

    Also, if you want an analogy, think of SSL. They are more or less the same on the principal (Certificate that you receive from the website is a public key and the cert they keep on their server is the private key)
    Quote Originally Posted by Linus Torvalds
    "Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program."

  6. #6
    Join Date
    Jun 2010
    Beans
    52

    Re: Confused about the logic of public key encryption

    Having keys and changing ssh default port to 2222 or something that's not 22 will stop script kiddies from brute forcing

    you can password protect your keys giving one extra line of defense for if you lose your unencrypted flash stick or have your key stolen through some other unforeseen event giving your time to make a new key.

    I like to think of ssh keys as a jumbo sized password i don't need to enter every time

  7. #7
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,274
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Confused about the logic of public key encryption

    You want a non-technical analogy? Here you are...

    Imagine Alice wants to send a secret message. You post Alice an unlocked safe, but only you have the combination. Alice puts her message into the safe, locks it, and posts it back to you.

    Now, no one but -- not even Alice -- can open the safe and read it. The message is safe.

    Safe =your public key
    Combination = your private key

    Now, for a complication...

    When you receive your safe, how do you know it was Alice who actually wrote the message? Perhaps Bob intercepted the safe, wrote a false message pretending to be Alice, and sent it to you. (This is the "man-in-the-middle attack".)

    Hmm...

    Well, Alice signs her message using her signature. It's a clever signature that no one else can forge. When you open your safe, you check the signature in a verification book, and see that it really was from Alice.

    So, you have received a message that no one but Alice could have sent, and no one but you can read.

    Here's the clever bit...

    Signature = Alice's private key
    Verification book = Alice's public key

    Notice how the public and private keys can perform two functions: making a message safe (encryption), and signing a message (signing).

    Each message uses both people's private and public keys. Provided that Alice never reveals her private key, and you never reveal yours, you can send messages to each other secure in the knowledge that no one can read your messages to each other, and no one can fake messages from either of you.

    It is also possible to sign messages without encrypting them. That's useful when you don't care if other people read your message, but people do care whether or not it is really from you. For example, websites using https use this method.

    Complications:
    • You need a way to verify that the public from Alice is really Alice's (and not Bob's pretending to be Alice).
    • You must secure your private key carefully.


    HTH
    Full Circle Magazine :: Cheap Linux stickers :: Problems with WINE?
    In my day, we had outdoors in which to run, play, and socialise. Now we have computers to do those.

  8. #8
    Join Date
    Sep 2007
    Location
    Oklahoma, USA
    Beans
    2,325
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Confused about the logic of public key encryption

    Paddy's analogy was great. Here's another very similar one:

    Instead of a combination lock, the container has a simple hasp that can take an ordinary padlock. You've distributed thousands of padlocks to which only you have the key, for anyone to use in sending messages to you. When Alice wants to send you a note, she finds one of your padlocks and uses it to lock the box.

    The padlock is the public key; the physical key is your private one.

    What makes it work is something the mathematicians call a "one-way function." These functions involve numbers of astronomical proportions, on the order of 2 to the 1024th power. The specific numbers used are also quite special, in that they are the product of exactly two "prime numbers" (which are numbers that have no factors except themselves and 1, such as 2, 3, 5, 7, 11, and so on) each of which is itself quite large. Those two prime factors are used as the public and private keys for the huge number that's fed into the one-way function to do the encryption.

    Without BOTH of the prime factors it's impossible to know exactly what the huge number is, and without that huge number it's impossible to decrypt the message in less than a few thousand years. That's what makes it possible to publish one of them and remain secure. The exact one-way function used is what distinguishes one variety of public-key encryption from another.
    --
    Jim Kyle in Oklahoma, USA
    Linux Counter #259718
    Howto mark thread: https://wiki.ubuntu.com/UnansweredPo.../SolvedThreads

  9. #9
    Join Date
    May 2010
    Location
    uk
    Beans
    9,374
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Confused about the logic of public key encryption

    Hi

    Just wanted to say that there are a couple of very good posts in this thread. Well done!

    Kind regards
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

    Thinking about becoming an Ubuntu Member?

  10. #10
    Join Date
    Oct 2011
    Beans
    63

    Re: Confused about the logic of public key encryption

    Quote Originally Posted by matt_symes View Post
    Hi

    Just wanted to say that there are a couple of very good posts in this thread. Well done!

    Kind regards
    Agreed, the analogies made things much clearer, particularly the padlock one. I do still see the phenomenal pace of technology as a security risk, though-- it may take thousands of years to crack the codes with what we've got now, but what we've got now is constantly changing. There's also computers in universities trying to find the next prime number-- one would think it easy enough to switch them around to cracking keys. Or do I have the wrong impression on modern supercomputers?

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •