Re: More on learning "Public Key Authentication"

"Jon Aalborg" <navn@xxxxxxxxxxxxxxx> wrote in message
> Tom Stiller <tomstiller@xxxxxxxxxxx> wrote:
> > In article <1h2h4qp.16l3r5zkr6rf2N%navn@xxxxxxxxxxxxxxx>,
> > navn@xxxxxxxxxxxxxxx (Jon Aalborg) wrote:
> >
> > > You use a password, preferably long and complex, to generate a
> > > public/private keypair. They relate in such a way that you can always
> > > decrypt stuff coded with the public key by using the private one and
> > > that only, never vice versa (there are good mathematical reasons why
> > > this is so, don't ask me for details as I wouldn't be able to
> > > them anyway).
> >
> > I'm not sure if this is just an awkwardly constructed sentence or if
> > it's just plain wrong. In any event, let me say that in public key
> > encryption, the public key and private keys can be applied in either
> > order to transform a message from cleartext to ciphertext and back to
> > cleartext. However, the intervening ciphertext will be different
> > depending on the order of key application.
> >
> > Specifically:
> > cleartext -(private key)-> ciphertext1 -(public key)-> cleartext and
> > cleartext -(public key)-> ciphertext2 -(private key)-> cleartext both
> > work but ciphertext1 and ciphertext2 are not the same.
> >
> > A simple digital transaction can be constructed as follows:
> > Let Bob encrypt a message with his own private key (which he owns) and
> > encrypt the result with Alice's public key (which he knows). The result
> > is sent to Alice who decrypts the message with her private key (which
> > she owns) and decrypts the result with Bob's public key (which she
> > knows). The resulting message could only have come from Bob and can
> > only be read by Alice.
> >
> > Public key enciphering is too slow to be practical for large messages so
> > it is frequently only used to exchange a "session" key which is used
> > with a fast, robust, encryption scheme for the main data exchanges.
> This can't be right. I hope it isn't.
> A simple thought experiment:
> I store my public key on a server for anyone to retrieve as needed, so
> that they can encrypt messages for me. If someone then can steal a
> message from me (e.g., by physically accessing my disk), one that I
> encrypted with my private key and they can then decrypt it with the
> publicly available key, floating around on the internet like it should
> be, then my security is really, _really_ compromised.
> OTOH, they might be able to use my public key to _verify_ that "I am me"
> if they use it to check a _signed_ message. That is very different from
> an _encrypted_ one, although a message may easily be both signed and
> encrypted. I think that is what you mean? If so, I understand what you
> are talking about, at least. I could sign a message using my private key
> so that someone could verify that a message came from me.
> If I want to send something to Anne that only she should read, I need
> her public key. I will then encrypt the message using that, certain that
> only she, using her _private_ key, can decrypt it. I would never encrypt
> it with my private key and ask her to just find a copy of my public key
> to decrypt it. How can that be safe?
> It should not, cannot, be enough for someone to get a copy of my public
> key from somewhere to decrypt stuff I really want to keep secret and
> that I encrypt using my private key. That would negate the whole
> concept, as far as I am able to understand. Or am I totally at sea here?

No, I can't think straight right now but I think Tom had the steps
backwards. For Bob to send a secure message to Anne he should encrypt with
Anne's public key, and then sign with his private key if he wants Anne to be
sure the message is from him. Anne would check the sig with Bob's public
key, and then decrypt it with her private key, no?
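An added example, not from any poster in this thread, using textbook RSA on small constructed primes to show the two claims argued over above: both key orders round-trip but give different intermediate ciphertexts (Tom's point), and a value made with a private key alone is readable by anyone holding the public key, so that step proves origin rather than keeping anything secret (Jon's point). The primes, key names and function names are all constructed for illustration.

```python
# Textbook RSA on small constructed primes, illustrating two claims from
# the thread: applying the private and public exponents in either order
# recovers the message but gives different intermediate ciphertexts, and
# a value produced with a private key is recoverable by anyone holding the
# public key (authenticity, not secrecy). Real RSA uses thousand-bit keys
# and padding (OAEP/PSS); raw exponentiation is shown only for illustration.
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) for the given primes and public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e
    return (n, e), (n, d)

def apply_key(key, m: int) -> int:
    """Raise m to the key's exponent modulo n (m must be below n)."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value does not fit under the modulus")
    return pow(m, exp, n)

# Constructed toy keys; Bob's modulus is the smaller so a value already
# transformed with his key still fits under Anne's modulus.
BOB_PUB, BOB_PRIV = make_keypair(61, 53, 17)      # n = 3233
ANNE_PUB, ANNE_PRIV = make_keypair(101, 113, 17)  # n = 11413

def both_orders(pub, priv, m: int):
    """Tom's claim: private-then-public and public-then-private both
    round-trip, yet the two intermediate ciphertexts differ."""
    ct_priv_first = apply_key(priv, m)
    ct_pub_first = apply_key(pub, m)
    return (ct_priv_first, ct_pub_first,
            apply_key(pub, ct_priv_first) == m,
            apply_key(priv, ct_pub_first) == m)

def bob_to_anne(m: int) -> int:
    """Bob: his private key first (origin), then Anne's public key (secrecy)."""
    return apply_key(ANNE_PUB, apply_key(BOB_PRIV, m))

def anne_receives(blob: int) -> int:
    """Anne: her private key first, then Bob's public key to undo his step."""
    return apply_key(BOB_PUB, apply_key(ANNE_PRIV, blob))

def anyone_reads(ct_priv_only: int) -> int:
    """Jon's point: a value made with Bob's private key alone is readable
    by anyone who fetched Bob's public key, so it is not secret."""
    return apply_key(BOB_PUB, ct_priv_only)
```

In real systems the private-key step is applied to a hash of the message with signature padding and the public-key step to a symmetric session key, so the modulus-size ordering that the toy has to work around does not arise.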