Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
I send you data encrypted with pvt1(private) key.
So how do you open this document?
Without my pvt1 how can you open it?
If you can open with your pvt2 key then shouldn't there be a relationship between pvt1 and pvt2 key?
Otherwise how can you open my document?
If you need my pvt1 to open the document then do we meet before to exchange the key?
Notionally, you don't encrypt with a private key. You encrypt with either a public key or a combination of a public key and a private key.
Here's how the most common scheme works:
Encrypting with a public key:
1. The recipient generates a public/private key pair. These two keys are related.
2. The recipient sends you their public key and you confirm that it belongs to them.
3. You encrypt something with the recipient's public key.
4. This can only be decrypted with the recipient's private key which only the recipient has.
5. The recipient decrypts the message with their private key.
The advantage of this system is that no setup is required between the sender and the recipient specifically. The recipient can make their public key available to all and that allows anyone to send them an encrypted message that only they can read.
The public key and private key are related in some special way. It's complicated math, but here's an oversimplified (but still tricky) explanation of how it's typically done:
You have some operation that behaves like multiplication except it is irreversible. The private key is generated randomly. There is some well known constant G. The public key is the private key "multiplied" by G. I'll call the recipient's secret key Rs and their public key Rp. So Rp = Rs * G. (Here * represents an operation that is like multiplication but is irreversible.)
To encrypt a message, you choose a new, random public/private key pair just to use for this message. I'll call the public key Ep and the private key Es. So Ep = Es * G.
To send a message, you encrypt it with Es * Rp and send it along with Ep. To decrypt it, the recipient decrypts it with Rs * Ep.
Why does this work? Because Es * Rp = Rs * Ep. Why?
Es * Rp = Rs * Ep
Es * Rs * G = Rs * Es * G
This is true because this multiplication-like operation is commutative.
Why can't an attacker decrypt it? An attacker has:
Ep (because we sent it)
Rp (because it's public)
And an attacker needs either Es * Rp or Rs * Ep. That is, he needs Es * Rs * G and he only has Es * G and Rs * G. Oops, he's stuck since he can't divide.
Related
We are using BlockCypher API to create transaction in a HD Wallet.
As a return object, you'll receive a TXSkeleton containing a
slightly-more complete TX alongside data you need to sign in the
tosign array. You'll need this object for the next steps of the
transaction creation process.
Locally Sign Your Transaction
With your TXSkeleton returned from the New Transaction Endpoint, you
now need to use your private key(s) to sign the data provided in the
tosign array.
$PRIVATEKEY here is a hex-encoded private key corresponding to the input from address CEztKBAYNoUEEaPYbkyFeXC5v8Jz9RoZH9
My problem is how do we obtain the private key of each address in HD Wallet? With HD Wallet addresses are generated using the Derive Address Endpoint. This returns a HDWallet object which contains and HDChain object which contains an HDAddress Object. The HDAddress object contains address, path and public.
An HD Address object contains an address and its BIP32 HD path
(location of the address in the HD tree). It also contains the
hex-encoded public key when returned from the Derive Address in Wallet
endpoint.
As you can see, the private key is not included in HDAddress object response. So how can we know the private key to use with tosign method if the private key is not included in HDAddress object response? And without access to private key, how can we sign the **tosign** array?
Thanks
I am trying to demystify how CSR is generated, and role of the public and private key.
Server1:
Generate a public and private key
Now, I want CSR and for that, I will go to a CA for signing.
For creating a CSR request, is it based on server's public key or private key?
I referred to this SO question; in there, it says the server (which is requesting for CSR) itself signs CSR by its private key, before sending it to CA.
I am bit confused, have the following questions:
The end product (the signed certificate by CA): Does it contain server's private key or public key? I understand that the end product should contain the public key of the server requesting CSR.
While initiating a CSR request, why a server needs to sign a CSR by its private key? Is it correct?
Is server's public key part of CSR?
Eventually, does CA generate a certificate from CSR and how it derives the public key of the server from CSR?
The end product (the signed certificate by CA): Does it contain server's private key or public key?
The certificate is a public document. It therefore can only contain the public key. If it contained the private key, then that key wouldn't be private any more.
While initiating a CSR request, why a server needs to sign a CSR by its private key? Is it correct?
Yes, it is generally correct. This concept is called Proof of Possession (PoPo) and it used to prove to the CA that you (or the server in this case) have the private key corresponding to the public key which will be signed by the CA (or at least had it at the time just before the CA signed your certificate). If the CA didn't insist on PoPo then you could repudiate any signed future message as follows:
You have your public key signed by the CA to create your certificate. At the time, you sign your request with your private key as you should. Everything is good.
I come along and copy your public key from your certificate. I now present that to the CA as a CSR but without PoPo. The CA signs it and sends me a certificate, which now contains my name and your public key.
At some point, you send a digitally signed (with your private key) message to a third party, say your bank, asking them to donate $1000 to Stack Overflow.
You later decide that the $1000 would be better spent on a vacation, so you dispute the signed message to your bank.
The bank says But you digitally signed the message to authenticate it!!
As you know the CA signs certificates without PoPo, you simply have to say that I must have sent the message instead, using your private key which I've now destroyed in an attempt to hide the evidence.
The bank cannot prove that (6) isn't true as they didn't check I had possession of the private key corresponding to the public key in my request, and therefore your statement of it wasn't me cannot be rejected - the bank has to reimburse you.
If the bank insisted on PoPo when I submitted your public key to the CA, my request would have failed and you could not repudiate your message later. But once a CA signs a request without PoPo - all bets are off for non-repudiation.
Eventually, does CA generate a certificate from CSR and how it derives the public key of the server from CSR?
There is no derivation to do - your server's public key is in the request in a construct called a CertificateRequestInfo.
This CertificateRequestInfo contains your (or server's) name and the public key. It can also contain other elements such as requested extensions. The CA takes whatever information it requires from this CertificateRequestInfo (only the public key is mandatory) and uses the info to generate a construct called a tbsCertificate (the 'tbs' stands for To Be Signed). This construct contains your name, your public key and whatever extensions the CA deems fit. It then signs this tbsCertificate to create your certificate.
I have a application with two users and one middle man, all of them holding the private and public key, To make the secured chat, two users and one middle man are all sending the public key and generate a secured channel. After establishing the channel, the middle man doesn't have the ability to see the encrypted message unless one of the user is sending his own key to the middle man.
i am not very familiar with cryptography, so for this app i know how to encrypt and decrypt the message.
encrypt(data) {
try {
var cipher = Crypto.createCipher('aes-256-cbc', this.password);
var encrypted = Buffer.concat([cipher.update(new Buffer(JSON.stringify(data), "utf8")), cipher.final()]);
FileSystem.writeFileSync(this.filePath, encrypted);
return { message: "Encrypted!" };
} catch (exception) {
throw new Error(exception.message);
}
}
but I don't know how to establish the encrypted channel from the stakeholders' key, and how can the one middle to see the message using his key and one of users' key?
is there a way to accomplish this using the cryptography?
I'm not sure I completely understand, but I think if you want to go with a system that doesn't use public key crypto I would suggest a system using 2 stages of encryption, actually a lot like PGP only both stages use symmetric keys-
1) There is a fixed session key generated by the first person in the chat, this can be a randomly generated number.
2) This session key is then encrypted by the keys belonging to every new member of the chat group and individually sent to them.
3) The new members decrypt with their own unique keys to get the plaintext session key back.
4) This session key is subsequently used to decrypt the messages sent to all participants. The same key can also be used to encrypt and send any new messages from any entitled participant(i.e. has the valid session key) on the chat group.
This is used in some systems but it relies on the unique keys being securely transmitted, in the first instance. If this condition can't be met, it's a problem that can be solved with public key crypto to build an end-to-end secure message system like PGP, whatsapp, etc.
I'm using MimeKit to send emails and the use of DKIM to sign them has been broached. I've looked at the example on the MimKit site, and googled the terms but found no answers.
Public Shared Sub DkimSign(ByVal message As MimeMessage)
Dim headers = New HeaderId() {HeaderId.From, HeaderId.Subject, HeaderId.Date}
Dim headerAlgorithm = DkimCanonicalizationAlgorithm.Simple
Dim bodyAlgorithm = DkimCanonicalizationAlgorithm.Simple
Dim signer = New DkimSigner("filename", "domain", "selector") With {.SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1, .AgentOrUserIdentifier = "#eng.example.com"}
message.Prepare(EncodingConstraint.SevenBit)
message.Sign(signer, headers, headerAlgorithm, bodyAlgorithm)
End Sub
When instantiating the signer it requires a filename, domain and selector. If I'm sending an email from "bob#website.com" I would assume that the physical file would be placed on the root of the site and the instantiation would look something like this:
Dim signer = New DkimSigner("dkim.txt", "website.com", "") With {.SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1, .AgentOrUserIdentifier = "???"}
But not sure the format/reason for the AgentOrUserIdentifier ... can anyone edify me or correct me if my assumptions are wrong?
The fileName parameter is the path to the private key that should be used for signing the message. I'm not sure why you expect it to be at the root of the site or why it would be called dkim.txt, but I can almost guarantee that both assumptions are wrong.
A selector is used by the receiving client to locate the correct public key in the DNS records because it's possible for the same domain to have multiple keys that it uses for signing.
The AgentOrUserIdentifier corresponds to the i= parameter that you find in the DKIM-Signature header and specifies the user or agent that is taking responsibility for the signature.
Currently we use Kleopatra to Sign and Encrypt files sent to a third party. We sign with our private key and encrypt with our public key and the third party's public key...
Using gpg by itself, do I make multiple calls adding each piece as i go? i.e.:
gpg.BinaryPath = (path to GnuPG)
gpg.Recipient = myUserID
gpg.Passphrase = myPassword
gpg.Sign( origfile, signedfile )
gpg.Encrypt( signedFile, signedAndEncryptedFile )
gpg.Recipient = thirdPartyUserID
gpg.Encrypt( signedAndEncryptedFile , thirdPartySignedAndEncryptedFile )
Any help would be appreciated...