RE: Encryption question

[Hollis Johnson <hollis () cisco com>]

Tony. One more point. The public/private keys are a pair. Defining one 
defines the other. Or rather, as you defined the pair, there is a 
relationship.

I don't have the algorithm memorized (although many on this alias might) -- 
and no ref. books at hand. But it has to do with the relationship of 2 
"very large" (I recall 100 digits) primes to which you ..... I don't remember.

But that's the answer to your last sentence -- they are a pair -- I msg 
encrypted with one part (public or private) can only be decrypted via the 
compliment.

encrypt(public) -> decrypt(private) assures confidentiality

encrypt(private) -> decrypt(public) verifies the sender (authentication) -

both assuming the private key is not compromised.

I refer you to: http://oregonstate.edu/dept/honors/makmur/

The challenge of public-key cryptography is developing a system in which it 
is impossible to determine the private key. This is accomplished through 
the use of a one-way function. With a one-way function, it is relatively 
easy to compute a result given some input values. However, it is extremely 
difficult, nearly impossible, to determine the original values if you start 
with the result. In mathematical terms, given x, computing f(x) is easy, 
but given f(x), computing x is nearly impossible. The one-way function used 
in RSA is multiplication of prime numbers. It is easy to multiply two big 
prime numbers, but for most very large primes, it is exremely 
time-consuming to factor them. Public-key cryptography uses this function 
by building a cryptosystem which uses two large primes to build the private 
key and the product of those primes to build the public key.

If you want to know more there are a number of lovely books you can spend 
your saturday nites reading :-)

Hope this helps as well. Hollis

At 12:45 PM 2/25/2004 -0500, Gene LeDuc wrote:
> Alice encrypts the message to Bob using Bob's public key and then signs it
> using her private key.  Bob verifies that the message is from Alice by using
> her public key to check the signature and then decrypts the message with his
> private key.  The encryption only hides the contents, it does not
> authenticate the message.  The signing authenticates the message but does
> not hide the contents.  You need both if you want to have a secure
> conversation.
>
> -----Original Message-----
> From: Preston, Tony [mailto:Tony.Preston () acs-inc com]
> Sent: Tuesday, February 24, 2004 11:01 AM
> To: security-basics () securityfocus com
> Subject: Encryption question
>
>
>
>
> Tony Preston
> Systems Engineer, AS&T Inc.
> Division of L3 Corporation
> (609) 485-0205 x 181
>
> I have what is a rather basic question...  I probably am missing something
> so I thought I would ask here.
>
> Alice and Bob both have a public and private key.
>
> Alice encrypts her email to Bob using his public key.  Sends the email and
> Bob decrypts it using his keys..
>
> Since both Bob and Alice's public keys are known, Why can't I take Alice's
> public key and create a key pair using any other private key.  Now, I fake
> an electronic signature from Alice using the pair I created and send a bogus
> encrypted message to Bob with my "fake" Alice signature.  Bob checks the
> signature by using the public key and it is valid.   Bob assumes the message
> is from Alice...
>
> What prevents me from spoofing someone's electronic signature this way?
>
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------