Asymmetric Encryption

Discussion in 'ASP .Net' started by pintu, Jan 15, 2007.

  1. pintu

    pintu Guest

    Hello everybody..

    I have some confusion regarding asymmetric encryption. In asymmetric
    encryption there is one private key and one public key. So any data
    is encrypted using the private key and the same is decrypted at the client side
    using the public key, and vice versa. Now my confusion is:

    * Are both the keys available to both sender and receiver?
    * When data is encrypted using the public key, is the same data decrypted
    using the private key (at the client side)?
    * How are the keys sent to the client/receiver of the message? I mean, are
    they assigned to browsers, or are they validated or sent depending on
    the login id/password of a user?
    * If possible, kindly explain (in short) the whole process of asymmetric
    encryption, please.

    Thanks & Regards
    Priyabrata
     
    pintu, Jan 15, 2007
    #1

  2. Asymmetric encryption tends to be very good to encrypt short messages. With
    this in mind, let me explain to you how WE use it. We use asymmetric
    encryption to securely exchange a symmetric private key.

    - The client (we aren't necessarily speaking of a web browser) generates a
    private key and a public key.
    - The client sends the PUBLIC key to the server.
    - The server generates a message (in our case it's a random symmetric key)
    and encrypts it using the PUBLIC key it got from the client
    - The server sends the encrypted message
    - The client uses its PRIVATE key to decode the message
    - The client and server now have a private SYMMETRIC key

    As you can see, the asymmetric private key is NEVER sent over the wire. Only
    the client (which generates it) knows it. Only the PUBLIC key is sent over
    the wire (in plain text). The public key is then used by the server to
    encrypt a short message. This method lets us establish a secure private key
    for symmetric encryption (which can do long messages).

    With the public key, anyone can create an encrypted message, but only the
    private key can be used to decrypt it.

    This kind of exchange I explained is pretty typical, but it's still open to
    a man in the middle attack. That is, when the client sends its public key,
    someone in the middle could intercept it. Then that person could create
    his/her own public/private key and send THAT public key to the server. The
    server (who has no way of knowing this) uses the fake public key and
    encrypts the message and sends it back. The man in the middle gets THAT
    message, decrypts it (since it was his public key used to encrypt it, so he
    has the private key) and now has the secret message.

    Things like SSL have an extra layer that helps prevent man in the middle, but
    that's another discussion..

    Karl
    --
    http://www.openmymind.net/
    http://www.fuelindustries.com/


     
    Karl Seguin [MVP], Jan 15, 2007
    #2
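The exchange described in the post above, as an added C# example that is not part of the original thread: the client keeps its private key, the server wraps a random symmetric key with the received public key, and a fingerprint check stands in for the "extra layer" that stops a substituted key. The `Fingerprint` and `ServerWrapKey` helpers and the idea that the server learned the fingerprint out of band are assumptions made for this sketch.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class KeyExchangeDemo
{
    // Hypothetical helper: SHA-256 over the exported public key XML.
    static string Fingerprint(string publicKeyXml)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(publicKeyXml)));
    }

    // Server side: verify the received key, then wrap a fresh 256-bit symmetric key.
    static byte[] ServerWrapKey(string receivedXml, string pinned, out byte[] sessionKey)
    {
        if (Fingerprint(receivedXml) != pinned)
            throw new CryptographicException("public key does not match pinned fingerprint");
        sessionKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(sessionKey);
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(receivedXml);        // imports public parameters only
            return rsa.Encrypt(sessionKey, true);  // true = OAEP padding
        }
    }

    static void Main()
    {
        using (var client = new RSACryptoServiceProvider(2048))
        using (var other = new RSACryptoServiceProvider(2048)) // constructed: an unrelated key pair
        {
            string publicXml = client.ToXmlString(false); // private key never leaves the client
            string pinned = Fingerprint(publicXml);       // assumption: delivered out of band

            byte[] wrapped = ServerWrapKey(publicXml, pinned, out byte[] serverKey);
            byte[] clientKey = client.Decrypt(wrapped, true);
            Console.WriteLine("keys match: " + clientKey.SequenceEqual(serverKey));

            // A public key swapped in transit fails the check before anything is encrypted to it.
            try { ServerWrapKey(other.ToXmlString(false), pinned, out _); }
            catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

In TLS the same role is played by a certificate chain that binds the public key to an identity, rather than a fingerprint agreed in advance.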

  3. pintu

    pintu Guest

    Thanks Karl. Really, your posting will help me a lot.



     
    pintu, Jan 16, 2007
    #3
  4. pintu

    pintu Guest

    Thanks Karl. Really, your posting will help me a lot.
    But I still have one doubt:
    * How do the keys get generated? I mean, do we use some methods of the
    RSACryptoProvider class or not? And how do we know which one is the private
    key and which one is the public key, and how do we work with them?

    Thanks
    Priyabrata



     
    pintu, Jan 16, 2007
    #4
  5. Yes, instances of the RSACryptoServiceProvider have methods, such as
    ToXmlString(), which'll export your keys to Base64 hex values. You can
    specify if you want to export both your private key and public key. Once
    you have the XML, it's pretty plain to see which is which (it's like
    <encryption><privateKey>...</privateKey><publicKey>....</publicKey></encryption>
    or something).

    Karl

    --
    http://www.openmymind.net/
    http://www.fuelindustries.com/


     
    Karl Seguin [MVP], Jan 16, 2007
    #5
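Key generation and export with `RSACryptoServiceProvider`, as an added C# example that is not part of the original thread. It lists the child elements that `ToXmlString(false)` and `ToXmlString(true)` emit under the `RSAKeyValue` root, then shows that an instance loaded from the public-only export can encrypt but cannot decrypt; the `Elements` helper is an assumption made for this sketch.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Xml.Linq;

static class KeyExportDemo
{
    // Hypothetical helper: names of the child elements of an exported key.
    static string[] Elements(string xml)
    {
        return XElement.Parse(xml).Elements().Select(e => e.Name.LocalName).ToArray();
    }

    static void Main()
    {
        // The constructor argument is the key size in bits; the pair is generated on first use.
        using (var rsa = new RSACryptoServiceProvider(2048))
        using (var peer = new RSACryptoServiceProvider())
        {
            string publicOnly = rsa.ToXmlString(false);  // safe to hand to the other party
            string withPrivate = rsa.ToXmlString(true);  // treat as a secret, never transmit

            Console.WriteLine("public export : " + string.Join(", ", Elements(publicOnly)));
            Console.WriteLine("private export: " + string.Join(", ", Elements(withPrivate)));

            // The receiving side imports only the public parameters.
            peer.FromXmlString(publicOnly);
            Console.WriteLine("peer.PublicOnly = " + peer.PublicOnly);

            byte[] ciphertext = peer.Encrypt(new byte[] { 1, 2, 3 }, true); // OAEP padding

            // Decryption needs the private parameters, which the peer never received.
            try { peer.Decrypt(ciphertext, true); }
            catch (CryptographicException) { Console.WriteLine("peer cannot decrypt"); }

            byte[] plain = rsa.Decrypt(ciphertext, true);
            Console.WriteLine("owner decrypted " + plain.Length + " bytes");
        }
    }
}
```

The public export carries only `Modulus` and `Exponent`; the private export adds `P`, `Q`, `DP`, `DQ`, `InverseQ` and `D`, so the presence of `D` is a quick check that an XML blob must be protected.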