|
-
May 8th, 2003, 12:15 PM
#1
Thread Starter
Dazed Member
symmetric/asymmetric keys
Ive recently started to get into the JSSE API and after reading a little about symmetric/asymmetric keys i am a bit confused.
Here are some excerpts from a book i am reading.
In traditional secret key(symmetric) encryption, the same key is used bolth to encrypt and decrypt the data. Bolth the sender and the receiver have to possess the single key. Suppose Angela wants to send Gus a secret message. She first sends Gus the key they'll use to exchange the secret. But the key can't be encrypted because Gus dosen't have the key yet, so Angela has to send the key unencrypted. Now suppose Edgar is eavesdropping on the connection between Angela and Gus. He will get the key at the same time that Gus does. From that point forward, he can read anything Angela and Gus say to each other using that key.
Now if Angela wants to send Gus a secret messsge but first must send him the key unencrypted how does she encrypt her message if Gus now has possession of the key? I would think that the message that Angela sends would be encrypted and sent to Gus with the key so he can then decrypt the message.
In public key(or asymmetric) encryption, different keys are used to encrypt and decrypt the data. One key, called the public key, is used to encrypt the data. This key can be given to anyone. A different key,called the private key, is used to decrypt the data. This must me kept secret but needs to be possessed by only one of the correspondents. If Angela wants to send a message to Gus, she asks Gus for his public key. Gus sends it to her over an unencrypted connection. Angela uses Gus's public key to encrypt her message and sends it to him. If Edgar is eavesdropping when Gus sends Angela his key, Edgar also gets Gus's public key. However, this dosen't allow Edgar to decrypt the message Angela sends Gus, since decryption requires Gus's private key. The message is safe even if the public key is dectected in transit.
Now if Gus sends Angela his public key to encrypt her message then she sends that encrypted message back to him he can decrypt that message using his private key. What if he changes the message, encrypts it and sends it back to Angela. He still has to send his private key so she can decrypt his message. How can this scheme be secure?
Last edited by Dilenger4; May 8th, 2003 at 12:37 PM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|