Security Basics mailing list archives

RE: Basic Questions about PKI


From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
Date: Wed, 8 Oct 2003 13:01:45 -0400


> It is because using Public key to encrypt the message is very slow.

And because it represents a security vulnerability.  An often glossed-over
fact of public-key crypto is that the public key should only ever be used to
encrypt random data (such as a random symmetric key).  If the plaintext has
low entropy (i.e. the attacker can guess it), then the attacker can encrypt
a 'guess' with your public key and, if his guess is correct, match his
output with the ciphertext in the message you sent.

-----Original Message-----
From: Chee Young, Tan [mailto:cheeyoung () crimsonlogic com]
Sent: Wednesday, October 08, 2003 11:55 AM
To: Kenneth Buchanan; Roger A. Grimes; security-basics () securityfocus com
Subject: RE: Basic Questions about PKI


Usually a random key is created to encrypt the message. The random key
is then encrypted by the recipient's public key. The encrypted random key
can be attached to the message before the transmission. It is because
using Public key to encrypt the message is very slow.

-----Original Message-----
From: Kenneth Buchanan [mailto:K.Buchanan () Kastenchase com] 
Sent: Wednesday, October 08, 2003 10:05 PM
To: 'Roger A. Grimes'; security-basics () securityfocus com
Subject: RE: Basic Questions about PKI



That is correct in theory, but we pretend it's not because exploiting
that fact is highly inadvisable.

It is important that you have separate private keys for signing and
decryption.  The operations they perform are, from a theoretical
standpoint, identical, but we treat them as different operations for
practical reasons.

At the heart of it is the fact that the policies regulating the usage
of the keys are different.  For instance, it is a good idea for an
organization to have a backup of decryption keys, but should never ever
have a backup of signing keys (this would destroy the non-repudiation
aspect of any signature being created).

Any decent PKI book should explain this.  In any PKI, users should be
issued dual key pairs, one pair for signing and signature verification,
and one pair for encryption and decryption.


-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net]
Sent: Tuesday, October 07, 2003 6:43 PM
To: security-basics () securityfocus com
Subject: Basic Questions about PKI


Can someone that knows PKI cold confirm my knowledge of PKI?

Here's what I think I know about PKI (accurate or not I'm not sure):

a.  People ENCRYPT messages to me with my PUBLIC key and send the
encrypted message to me, and only I can open the encrypted
message...because ONLY my PRIVATE key can decrypt messages encrypted
with my PUBLIC key.

b.  If I want to SIGN a message, I use my private key to sign the
message digest (ENCRYPTING the hash result).  The receiver who wants to
rely on my signed message uses my PUBLIC key to DECRYPT my encrypted
message digest.

c.  Both private and public keys can decrypt, and both private and
public keys can encrypt.  It just depends on the situation of what we
use when.

Is that logic correct?

Could we encrypt messages that we want to send to others with our
private key (but don't because if we did anyone with our public key
could read the seemingly private message)?

Roger


****************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
****************************************************************************
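
Added example (not part of the original thread): the guess-and-compare problem described in the top reply, next to the random-key approach from the quoted message, using unpadded textbook RSA. The toy key, the guess list and the SHA-256 keystream standing in for a real symmetric cipher are assumptions made for the illustration.

```python
import hashlib
import secrets

# Constructed toy key from two known Mersenne primes; far too small for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def rsa_encrypt(m: bytes) -> int:
    """Unpadded RSA with the public key: the same input always gives the same output."""
    x = int.from_bytes(m, "big")
    if x >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(x, E, N)

def rsa_decrypt(c: int, length: int) -> bytes:
    return pow(c, D, N).to_bytes(length, "big")

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 keystream), used only to keep the demo stdlib-only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def hybrid_encrypt(m: bytes):
    """Encrypt the message under a fresh random key; only that key goes through RSA."""
    session_key = secrets.token_bytes(16)
    return rsa_encrypt(session_key), keystream_xor(session_key, m)

def hybrid_decrypt(wrapped: int, body: bytes) -> bytes:
    return keystream_xor(rsa_decrypt(wrapped, 16), body)

def guess_matches(observed: int, guesses):
    """Return the guess whose public-key encryption equals the observed value, else None."""
    return next((g for g in guesses if rsa_encrypt(g) == observed), None)

if __name__ == "__main__":
    guesses = [b"yes", b"no", b"approve", b"deny"]  # constructed low-entropy message space
    direct = rsa_encrypt(b"approve")
    wrapped, body = hybrid_encrypt(b"approve")
    print("direct RSA, recovered by guessing:", guess_matches(direct, guesses))
    print("hybrid, recovered by guessing:   ", guess_matches(wrapped, guesses))
    print("recipient decrypts hybrid:       ", hybrid_decrypt(wrapped, body))
```

Production systems wrap the session key with a randomized padding scheme such as RSA-OAEP and use an authenticated symmetric cipher; both are left out here to keep the determinism visible.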

