Security Basics mailing list archives

Re: Basic Questions about PKI

From: "Michael Sconzo" <msconzo () tamu edu>
Date: Wed, 8 Oct 2003 10:48:18 -0500

Sorry, if I seem a bit blunt, but I didn't think people wanted a
rant/dissertation/etc... on PKI :)
If I miss anything or made some errors (gross or otherwise) by all means let
me/the list know, thanks.

Can someone that knows PKI cold confirm my knowledge of PKI?

Here's what I think I know about PKI (accurate or not I'm not sure):

a.  People ENCRYPT messages to me with my PUBLIC key and send the

encrypted

message to me, and only I can open the encrypted message...because ONLY my
PRIVATE key can decrypt messages encrypted with my PUBLIC key.

Yup


b.  If I want to SIGN a message, I use my private key to sign the message
digest (ENCRYPTING the hash result).  The receiver who wants to rely on my
signed message uses my PUBLIC key to DECRYPT my encrypted message digest.


Yup, however a very important thing do remember is to always sign before you
seal (encrypt).


c.  Both private and public keys can decrypt, and both private and public
keys can encrypt.  It just depends on the situation of what we use when.


Yup, they are both just numbers, 1s & 0s etc ... However, it is 'hard' to
get a private key from a public key, but the reverse is not true.  This is
why not distributing your private key is important.


Is that logic correct?

Could we encrypt messages that we want to send to others with our private
key (but don't because if we did anyone with our public key could read)

the

seemingly private message?


This is the basis for signing, a digital signature is when you 'encrypt' the
message with your private key...since everybody has your public key it is
trivial for them to 'decrypt' (verify that is came from you). It would be
silly to waste the computing power to 'encrypt' something when everybody can
read it.

If you are looking for a good book about crypto, i would HIGHLY recommend
"Handbook of Applied Cryptography" byt Menezes, van Oorschot and Vanstone.


Roger


-Mike


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Basic Questions about PKI Roger A. Grimes (Oct 07)
- RE: Basic Questions about PKI David Gillett (Oct 08)
- Re: Basic Questions about PKI Meritt James (Oct 08)
- RE: Basic Questions about PKI Erik Rozman (Oct 08)
- Re: Basic Questions about PKI Michael Sconzo (Oct 08)
- <Possible follow-ups>
- RE: Basic Questions about PKI Kenneth Buchanan (Oct 08)
- RE: Basic Questions about PKI Chee Young, Tan (Oct 08)
  - RE: Basic Questions about PKI Hussein Ghazy (Oct 09)
- RE: Basic Questions about PKI Kenneth Buchanan (Oct 08)