LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 01-09-2018, 09:53 AM   #1
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19 MATE
Posts: 6,259
Blog Entries: 2

Rep: Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999
Public-key encryption explained


If anyone is finding it difficult understanding the concept behind public and private key encryption/signing (which I certainly did at first), the following page which I came across a few months back is a very good layperson's visualisation of the concept:

https://blog.vrypan.net/2013/08/28/p...for-non-geeks/

Once you've got your head around the concept, the specifics relating to Gnu PGP can be found at:

https://www.gnupg.org/gph/en/manual.html
 
Old 01-11-2018, 12:27 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170Reputation: 3170
To me, the "lock that turns two ways" analogy is good but slightly forced.

A private key is a key that can be used to generate any number of public keys that are secretly related to it ... and they share one critical, so-called asymmetric, magickal-voodoo, mathematical property:
  • A message that is encrypted with one type of key, can only be decrypted by the other type.

Bob can encrypt a message using one of Alice's public keys, but, having done so, cannot reverse the process. Edgar, who was issued another of Alice's keys, also can't read Bob's (or, Edgar's) message. Only Alice can. Likewise, Alice can create a message that she can't read, but Bob or Edgar can. (Of course, Alice alone has the privilege of generating yet another public-key with which to subsequently read her own message. But to complete the round-trip from plaintext to ciphertext to back again requires two keys, one of which is kept secret and the other of which need not be.)

Likewise, if either Bob or Edgar receive a message and are able to decrypt it using either one of the public keys, they therefore know that the message must have come from Alice (or, someone who is in possession of Alice's private key), because only the possessor of that one private key could have created a message that they were able to decrypt.

The other essential concept is that of message signatures, created by "hashing" algorithms such as SHA1 or MD5. Alice can sign a message – even if she does not encrypt the body of it – by attaching a signature which consists of a hash of her message that is then encrypted using her private key. Bob or Edgar can decrypt the hash – discovering that they can do so – and then check it – discovering that it matches. Ergo, the message must be authentic, and untampered.

Certificates can also be signed. In fact, a "certificate" is a bundle that contains a public-key and one or more confirming "signatures." Both the key and the accompanying signatures are (securely) shared during the initial handshake exchange. So, you can't (somehow) steal a key from one certificate and drop it into another, because you can't sign the result.

Because these technologies are secure but expensive, most crypto technologies use symmetric ciphers ... and randomly-generated keys ... to secure the body of the message, then use asymmetric techniques to conceal the keys in the same way that message-signing secures the hash-values. This is what allows you to use PGP to generate an encrypted document that only certain people (but, several people) can read. Readers must possess their secret private-keys in order to read the document, but the preparer of the document needs only their public keys to do so. "Brute forcing" the underlying symmetric key is unfeasible.

Last edited by sundialsvcs; 01-12-2018 at 09:32 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Public key, private key explained calande Linux - Security 3 06-12-2008 06:23 AM
Public Key Encryption Support carlosinfl Linux - Server 4 05-23-2008 11:47 AM
SSH Public Key Encryption Mechanism mmn357157 Linux - Software 6 05-29-2007 08:02 PM
public key encryption dsids Linux - Security 8 08-01-2006 02:48 AM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 08:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 04:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration