Asymmetric encryption requires at least two entities (usually people) to exchange encrypted messages

Do repost and rate:

Asymmetric encryption requires at least two entities (usually people) to exchange encrypted messages. It also requires each of those entities to have two keys:

  • key, which is shared
  • private key, which is kept secret

Here's how it works, in simple terms:

Listen carefully; I will say this only once!

As with all systems/methods, some initial setup is required.

  • Michelle uses software to create a key pair (public and private keys) for herself.
  • Rene uses the same (or compatible software) for himself.
  • Michelle and Rene exchange their keys over secure channels (such as Element or Signal, email), storing their private keys somewhere safe (preferably not on their computers).

This process need only be repeated if a key is compromised/expired/lost and/or revoked.

Allo, Allo!

With that out of the way, exchanging encrypted messages can begin.

  • To send a message to Rene, Michelle uses her encryption software to encrypt the message, selecting her private key and Rene's public key.
  • The software derives (generates) a per-message session key based on the two supplied keys.
  • The software encrypts the message using the derived key.
  • Both the derived key and message are sent to Rene (usually with the derived key attached to the encrypted message, as one chunk of data).
  • Rene receives the encrypted message and enters it into his software, supplying his private key.
  • The software extracts the derived key.
  • Using the derived key with Rene's private key, the software decrypts the message and shows the plaintext to Rene.
  • The process is repeated when Rene sends a response to Michelle (except that Rene's private key and Michelle's public key are used).
  • Without Michelle or Rene's private key, anyone intercepting the message to that person cannot decrypt it (in theory, anyway).
PGP is not foolproof, but it's better than nothing.

One potential pitfall with this approach may be that of sending metadata in the clear. If the of a message is sensitive enough to warrant encryption, Michelle and Rene will do themselves a favour by not having the subject line in the clear as well. To follow a theme, they would discuss the movements of "onion sellers" instead of "British airmen". Obviously, the more elaborate and obscure the code used (a topic of discussion unto itself), the better, but you get the idea.

Instead of using the standard characters for cryptography and science (Alice and Bob), I've used characters from the British TV series Allo, Allo, to add humour.

Post thumbnail: Photo by Pixabay

 https://www.publish0x.com

Regulation and Society adoption

Ждем новостей

Нет новых страниц

Следующая новость

All content provided by the site, hyperlinks, related applications, forums, blogs, social networks and other information is taken from third-party sources and is intended for reference only. We make no warranties with respect to our content, including but not limited to accuracy and timeliness. No part of the content we provide is financial advice, legal advice or any other form of advice intended for any of your personal purpose. Any use of our content is entirely at your own risk. You should conduct your own research, review, analysis and verification of our content before relying on them. Trading is a very risky activity that can lead to large losses, so consult your financial Advisor before making any decision. No content on our site is a public offer or invitation to action.

This resource may contain 18+materials

© 2016-2024