
How does two party encryption work?

I am able, with Pidgin OTR for example, to communicate with anyone and it is secure. We haven't exchanged a secret passkey or anything else, the program just sets up the encryption and everyone assures me it is secure.

So what I have is this:

Person1 talking to Person2 (Assuming people really are who they say they are)

Since no info was ever exchanged between person1 and person2, what's to stop a badperson3 from intercepting all the traffic and deciphering all the messages?

I read about PGP, about how each machine has a private key and a public key that is shared between the two computers, but I don't fully get how this can work. It's not like person2 can encode messages using person1's private key, and if it uses the public key, anyone listening can decipher.

I'm a bit confused.

Matt asked Jan 29 '10 18:01


2 Answers

Without getting into technical details, the whole idea of public key cryptography like RSA is that the public key can be used to encrypt data, but cannot be used to decrypt what it just encrypted (without breaking the encryption, of course -- in the case of RSA that normally means factoring the product of two large primes).

There is, of course, still some data exchanged: you still need to get a person's public key before you can encrypt data using that public key. It's also worth noting that public key cryptography is generally a lot slower than symmetric cryptography. That being the case, most protocols that use public key cryptography try to minimize the amount of data encrypted using the public key algorithm. Typically, the sender will pick a random number of the right size to use as a key with a symmetric algorithm, encrypt it with the public-key algorithm, and send it to the receiver. The rest of the data is encrypted with the symmetric algorithm, using that key.

As such, in a typical case you're retrieving a public key, then generating, encrypting, and sending a private key, then sending data encrypted with that private key.

Jerry Coffin answered Sep 30 '22 23:09
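The flow described in the answer above (a random symmetric key wrapped with the recipient's public key, the data encrypted under that symmetric key), as an added example that is not part of the original answer. It assumes the Python `cryptography` package, RSA-OAEP and AES-256-GCM as the algorithm choices, hypothetical function names, and that the sender already holds the recipient's genuine public key.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256 is an assumed choice; the answer only says "RSA".
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def generate_keypair():
    """Recipient side: the private key never leaves this machine."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def seal(recipient_public_key, plaintext: bytes) -> dict:
    """Sender side: fresh random symmetric key per message, wrapped with RSA."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # 96-bit nonce, used once with this session key
    return {
        "wrapped_key": recipient_public_key.encrypt(session_key, OAEP),
        "nonce": nonce,
        "ciphertext": AESGCM(session_key).encrypt(nonce, plaintext, None),
    }

def open_sealed(recipient_private_key, message: dict) -> bytes:
    """Recipient side: unwrap the symmetric key, then decrypt and authenticate."""
    session_key = recipient_private_key.decrypt(message["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(message["nonce"], message["ciphertext"], None)

def unwrap_fails_without_private_key(message: dict) -> bool:
    """An observer sees the whole message and the public key, but holds only
    some other private key; OAEP unwrapping rejects it."""
    observer_private_key, _ = generate_keypair()
    try:
        observer_private_key.decrypt(message["wrapped_key"], OAEP)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    person1_private, person1_public = generate_keypair()
    wire = seal(person1_public, b"constructed sample message")  # constructed input
    print(open_sealed(person1_private, wire))
    print("observer blocked:", unwrap_fails_without_private_key(wire))
```

Everything in the returned dict travels in the clear; only the holder of the matching private key can recover the symmetric key and therefore the plaintext.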


There is a good description written up on Wikipedia: http://en.wikipedia.org/wiki/Public-key_cryptography

Greg answered Sep 30 '22 22:09