Re: Key Management
- From: dj3vande@xxxxxxxxxxxxxxxxxxxxxxxxxxx
- Date: Wed, 22 Oct 2008 20:32:00 +0000 (UTC)
In article <rbidnXhzP6Rr4GLVnZ2dnUVZ_g-dnZ2d@xxxxxxxxxxxxxx>,
David E. Ross <nobody@xxxxxxxxxxx> wrote:
> I am adding a new Web page to my PGP pages. Currently it addresses two
> issues of key management; I might add other issues later.
>
> I would appreciate review comments about the page. Please remember that
> my PGP pages are not intended to be rigorously technical. Instead, they
> are oriented to the average user.
>
> The page is at <http://www.rossde.com/PGP/key_mgmnt.html>.

The section on transferring private keys may be improved by working in
a mention that the point of the exercise is to create a secure channel,
and that once you have found some way to set up that secure channel you
can safely send your private key through it.
(I prefer to use scp, but that's probably way more detail than would be
suitable for your target audience.)
I also did some looking at the rest of the site and came across this
(in the public/private-key section of the "PGP encryption" page):

    It uses one key (the public key) to encrypt the target data, using a
    mathematical operation far more complicated than merely adding the
    two together. There is no known mathematical operation that can take
    that same key and use it for decryption.

Ow, my math. There *is* a simple mathematical operation that can give
the private key given the public key; it's just extraordinarily hard to
compute. (Factoring products of large primes or solving the discrete
logarithm problem aren't complicated-hard, they're just lots-of-work-
hard.)
Here's an attempt at re-working the second sentence to correct that
without losing accessibility for the average user:

    It's extremely hard to go the other way and use the information in
    the public key to decrypt a message. (How hard? Hard enough that
    nobody has *ever*, with all the computing power in the world, done it
    with the types of keys currently in use.)

(There's probably more improvement that could be done. Moving this
part after the next sentence, introducing private keys, may make it
flow better.)
dave
--
Dave Vandervies dj3vande at eskimo dot com
You're right of course. Stupid mistake on my part. That'll teach me
to post while using a rented brain.
--Keith Thompson in comp.lang.c
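
The "lots-of-work-hard" point in the message above, as an added example that is not part of the original post: a toy RSA key whose private exponent is recovered from the public key by plain trial division, with the amount of work counted. The primes, the exponent 65537, the message value and all function names are constructed for illustration; real keys use primes hundreds of digits long, which is what puts the same simple procedure out of reach.

```python
# Added illustration: toy RSA with constructed, deliberately tiny primes.
from math import isqrt


def factor_by_trial_division(n):
    """Return (p, q, steps) for an odd semiprime n.

    steps counts how many candidate divisors were tried, i.e. the "work".
    """
    steps = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
    raise ValueError("no odd factor found; n is not an odd semiprime")


def private_from_public(n, e):
    """Recover the private exponent d from the public key (n, e).

    The mathematics is simple: factor n, compute phi, invert e modulo phi.
    Only the factoring step costs real work.
    """
    p, q, steps = factor_by_trial_division(n)
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return d, steps


def demo(p, q, e=65537, message=42):
    """Encrypt with the public key, then decrypt using only (n, e)."""
    n = p * q
    ciphertext = pow(message, e, n)
    d, steps = private_from_public(n, e)
    return pow(ciphertext, d, n), steps


# Constructed sample keys: a 20-bit modulus and a 34-bit modulus.
SMALL = (1009, 1013)
LARGER = (104723, 104729)

if __name__ == "__main__":
    for p, q in (SMALL, LARGER):
        recovered, steps = demo(p, q)
        print(f"n={p * q}: recovered message {recovered} after {steps} divisions")
```

Adding 14 bits to the modulus multiplies the work by about a hundred here; the procedure itself does not change.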