this post was submitted on 28 Apr 2024
32 points (79.6% liked)


There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?

[–] RegalPotoo@lemmy.world 25 points 1 year ago (13 children)

You've missed a key detail in how asymmetric encryption works:

  • For asymmetric encryption algorithms, you essentially have two keys - a "private" key, and a "public" key
  • If you know the private key it is trivial to calculate the public key, but the reverse isn't true - just given the public key, it is essentially impossible to calculate the private key in a reasonable amount of time
  • If you encrypt something with the public key you must use the private key to decrypt it, and if you encrypt with the private key you can only use the public key for decryption
  • This means that my server can advertise a public key, and you can use that to encrypt the traffic so that only the server that knows the private key can decrypt it
[–] atzanteol@sh.itjust.works 2 points 1 year ago (2 children)

> If you know the private key it is trivial to calculate the public key, but the reverse isn't true

I don't believe this is true... In public/private key crypto there is no such thing as "private" and "public". They're just a key pair. You choose to make one public by sharing it and the other private by not sharing it.

[–] kevincox@lemmy.ml 2 points 1 year ago

It depends on the cryptosystem. The private and public halves of the pair are often not symmetrical and often have overlap.

The parent is likely confused because in most situations the "private key file" will also contain all of the public key, whether by necessity or for convenience.
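
The point this thread turns on, as an added example that is not part of any comment above: with constructed toy numbers, textbook RSA has two exponents that work in either order, while a discrete-log style key has a public value that is computed from the private one. All function names and parameters here are assumptions made for illustration.

```python
# Constructed toy parameters, far too small for real use.

def rsa_keypair(p, q, e):
    """Textbook RSA (no padding): return ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(key, m):
    """Raise m to the key's exponent mod n; same operation for either half."""
    n, exp = key
    return pow(m, exp, n)

def rsa_exponents_interchangeable(p, q, e, m):
    """True if applying the two halves in either order returns m."""
    first, second = rsa_keypair(p, q, e)
    return (rsa_apply(second, rsa_apply(first, m)) == m
            and rsa_apply(first, rsa_apply(second, m)) == m)

def dh_public(g, p, x):
    """Discrete-log style key: the public value is computed from the private one."""
    return pow(g, x, p)

def dh_recover_private(g, p, y):
    """Exhaustive search for x with g**x % p == y; feasible only for tiny p."""
    for x in range(1, p):
        if pow(g, x, p) == y:
            return x
    return None

if __name__ == "__main__":
    print(rsa_keypair(61, 53, 17))          # the two halves of one pair
    print(rsa_exponents_interchangeable(61, 53, 17, 65))
    y = dh_public(5, 23, 6)
    print(y, dh_recover_private(5, 23, y))  # search works only because p is tiny
```

In deployed RSA the public exponent is a small conventional value, and the PKCS#1 private key structure stores the modulus and public exponent next to the private exponent, so holding the private key file also gives you the public key.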
