 Asymmetric (Public Key) Encryption:
Asymmetric (or public-key) encryption is a form of encryption that uses two keys for encrypting and decrypting data, unlike symmetric encryption which uses a single key for both purposes. Perhaps the most widely used asymmetric algorithm is the RSA cipher, and the statements and examples I use in this post will be specific to RSA.

The two keys used in RSA come in pairs. Data encrypted with one key can only be decrypted by the other key from the pair. Once a new pair of keys (often called a keypair) is generated, one key is designated as the private key and the other is designated as the public key. The private key must be closely guarded by the owner and never revealed to anyone. The public key may be freely shared with others. Maintaining the secrecy of the private key is the foundation of many security protocols, and security breaks down once the private key is exposed.

Asymmetric encryption can be used to provide either confidentiality or authentication, but not both at the same time.

Confidentiality is achieved anytime someone encrypts a message to me using my public key, because only someone with my private key can read the message. As long as I am the only person with my private key, only I can read the message. However, I don't truly know who encrypted the message because it could have been encrypted by anyone with my public key (remember, my public key is just that: public. Anyone could have it). Confidentiality is obtained, but not authentication because I can't be certain who sent it.

Authentication is achieved anytime I use my private key to encrypt a message destined for someone else. The fact that my public key can be used to successfully decrypt the message means the message must have been encrypted with my private key. As long as I am the only person with my private key, I am the only one who could have encrypted the message. However, since anyone with my public key can decrypt and read the message, the contents of the message are not secret. The message is not confidential, but authentication of the sender is achieved.

In reality, the public and private keys used in RSA are carefully chosen prime numbers. To encrypt a message, the plain text is raised to the power of a key (either private or public), and the result is used in a modulus operation. What remains is the cipher text, or encrypted message. To decrypt the message, we'll perform the same operation using the other key from the pair. That is, if we used the public key to encrypt, we will use the private key to decrypt.
 

M ^ p mod R = C
C ^ q mod R = M
 


M is the plain text message, and C is the cipher text message. p and q are the public and private keys, respectively, and R is the modulus. The caret symbol (^) indicates exponentiation.

As a simple example, we will encrypt a single character (an exclamation mark) and then decrypt it. We will be using very short keys to keep things manageable. In ASCII, the exclamation mark has a decimal value of 33. We'll use a public key of 5, a private key of 29, and a modulus of 35. Let's see if this works:

Remembering the earlier expression of M ^ p mod R = C, we end up with: 33 ^ 5 mod 35 = 3. With the public key I've chosen, 3 is the encrypted equivalent of 33. To decrypt the message, we perform the same operation with the other key, or C ^ q mod R = M. This gives us 3 ^ 29 mod 35 = 33.

You can quickly validate the example using a scientific calculator.
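
The same arithmetic can be checked in code. The Python sketch below is an added example, not part of the original tutorial; it uses the values from the text (33, 5, 29, 35), its function names are assumptions made for illustration, and it also shows why a modulus this small gives no protection: a working private key can be computed from the public values alone.

```python
# Added example: textbook RSA with the toy numbers from the text.
# Function names are assumptions made for this illustration.

PUBLIC_KEY = 5     # p in the text
PRIVATE_KEY = 29   # q in the text
MODULUS = 35       # R in the text (35 = 5 * 7)


def apply_key(value: int, key: int, modulus: int = MODULUS) -> int:
    """Compute value ^ key mod modulus. The same operation encrypts and decrypts."""
    if not 0 <= value < modulus:
        raise ValueError("value must be in the range 0 .. modulus - 1")
    return pow(value, key, modulus)


def factor(modulus: int):
    """Split the modulus by trial division. Only feasible because it is tiny."""
    for candidate in range(2, int(modulus ** 0.5) + 1):
        if modulus % candidate == 0:
            return candidate, modulus // candidate
    raise ValueError("modulus is not a product of two primes")


def phi(modulus: int) -> int:
    """Euler's totient of a product of two distinct primes: (a - 1) * (b - 1)."""
    a, b = factor(modulus)
    return (a - 1) * (b - 1)


def is_matching_pair(public: int, private: int, modulus: int = MODULUS) -> bool:
    """A pair works when public * private leaves remainder 1 modulo phi(modulus)."""
    return (public * private) % phi(modulus) == 1


def private_from_public(public: int, modulus: int = MODULUS) -> int:
    """Derive a working private key from public values alone by factoring."""
    return pow(public, -1, phi(modulus))  # modular inverse, Python 3.8+


if __name__ == "__main__":
    c = apply_key(33, PUBLIC_KEY)             # confidentiality: encrypt with public
    print("cipher text:", c, "decrypted:", apply_key(c, PRIVATE_KEY))
    s = apply_key(33, PRIVATE_KEY)            # authentication: encrypt with private
    print("signed:", s, "checked with public key:", apply_key(s, PUBLIC_KEY))
    print("pair matches:", is_matching_pair(PUBLIC_KEY, PRIVATE_KEY))
    print("private key derived from public values:", private_from_public(PUBLIC_KEY))
```

With these toy numbers the derived key is 5, which works in place of 29 because both leave remainder 5 when divided by 24, so here the public key also decrypts its own cipher text. Real RSA moduli are hundreds of digits long so that the factoring step is infeasible.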


 

©2004 Jason Deckard.