Modern-day encryption is performed in two different ways: using the same key, or using a pair of keys called the public and private keys. This video looks at how these systems work and how they can be used together to perform encryption. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
Encryption is the process of scrambling data so it cannot be read without a decryption key. It prevents data from being read by a third party if that third party intercepts it. The two encryption methods used today are symmetric key encryption and public key encryption.
Symmetric key encryption uses the same key to encrypt data as to decrypt it. This is generally quite fast when compared with public key encryption. In order to protect the data, the key needs to be secured: if a third party gained access to the key, they could decrypt any data that was encrypted with it. For this reason, a secure channel is required to transfer the key when you need to transfer data between two points. For example, if you encrypted data on a CD and mailed it to another party, the key must also be transferred to the second party so that they can decrypt the data. This is often done using e-mail or the telephone. In a lot of cases, sending the data using one method and the key using another method is enough to protect the data, as an attacker would need to get both in order to decrypt it.
Public Key Encryption
This method of encryption uses two keys. One key is used to encrypt data and the other key is used to decrypt it. The advantage of this is that the public key can be downloaded by anyone. Anyone with the public key can encrypt data that can only be decrypted using the private key. This means the public key does not need to be secured; the private key does need to be kept in a safe place. The advantage of such a system is that the other party does not need the private key in order to perform encryption. Since the private key never has to be transferred to the second party, there is no risk of it being intercepted by a third party. Public key encryption is slower than symmetric key encryption, so it is not always suitable for every application. The math used is complex, but to put it simply it uses the modulus, or remainder, operator. For example, if you wanted to solve X mod 5 = 2, the possible solutions would be 2, 7, 12 and so on. The private key provides additional information which allows the problem to be solved easily. The real math is more complex and uses much larger numbers than this, but basically public and private key encryption relies on the modulus operator to work.
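To make the modulus point concrete, here is an added example (not from the video or its handout) of textbook RSA in Go with the small, constructed numbers p = 61, q = 53 and e = 17: the public half (n, e) encrypts, and only the private exponent d, which comes from knowing p and q, undoes it. Small numbers make the arithmetic followable by hand; they are not secure.

```go
package main

import (
	"fmt"
	"math/big"
)

// KeyPair is textbook RSA with deliberately tiny, constructed numbers so the
// modular arithmetic can be followed by hand. Real keys use primes hundreds of
// digits long and padding such as OAEP; raw RSA on small numbers is not secure.
type KeyPair struct {
	N, E *big.Int // public half: modulus and public exponent
	D    *big.Int // private half: the extra information that makes decryption easy
}

// NewKeyPair builds the pair from two primes p, q and a public exponent e.
// Everyone may know n = p*q and e. d is the inverse of e modulo (p-1)(q-1);
// without p and q, recovering d means factoring n, which is the hard problem.
func NewKeyPair(p, q, e int64) (*KeyPair, error) {
	P, Q, E := big.NewInt(p), big.NewInt(q), big.NewInt(e)
	if !P.ProbablyPrime(20) || !Q.ProbablyPrime(20) {
		return nil, fmt.Errorf("p=%d and q=%d must both be prime", p, q)
	}
	n := new(big.Int).Mul(P, Q)
	phi := new(big.Int).Mul(new(big.Int).Sub(P, big.NewInt(1)), new(big.Int).Sub(Q, big.NewInt(1)))
	d := new(big.Int).ModInverse(E, phi)
	if d == nil {
		return nil, fmt.Errorf("e=%d has no inverse modulo %s", e, phi)
	}
	return &KeyPair{N: n, E: E, D: d}, nil
}

// Encrypt needs only the public half: c = m^e mod n (m must be smaller than n).
// Recovering m from c alone is the hard modular problem the page alludes to.
func (k *KeyPair) Encrypt(m int64) int64 {
	return new(big.Int).Exp(big.NewInt(m), k.E, k.N).Int64()
}

// Decrypt uses the private exponent: m = c^d mod n.
func (k *KeyPair) Decrypt(c int64) int64 {
	return new(big.Int).Exp(big.NewInt(c), k.D, k.N).Int64()
}

func main() {
	k, _ := NewKeyPair(61, 53, 17) // n = 3233, phi = 3120, d = 2753
	c := k.Encrypt(65)             // 65^17 mod 3233 = 2790
	fmt.Println(c, k.Decrypt(c))   // 2790 65
}
```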
Combining The Two
There are two reasons you would want to combine the two. The first is that communication is often broken into two steps: key exchange and data exchange. For key exchange, the key that will be used in the data exchange is often encrypted using public key encryption. Although slower than symmetric key encryption, this ensures the key cannot be accessed by a third party while it is being transferred. Since the key has been transferred over a secure channel, a symmetric key can then be used for the data exchange. In some cases, the data exchange may itself be done using public key encryption. If so, the data exchange will often be done using a small key size to reduce the processing time.
The second reason both may be used is when a symmetric key is used and the key needs to be provided to multiple users. For example, the Encrypting File System (EFS) allows multiple users, including recovery users, to access the same file. To make this possible, multiple copies of the same key are stored in the file, and each copy is protected from being read by encrypting it with the public key of one of the users that requires access.
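An added example, not code from the video, of the second combination using Go's standard library: one AES-256-GCM file key encrypts the data, and a copy of that key is wrapped with RSA-OAEP for each user that may open the file, so adding a recovery agent means adding one more wrapped copy rather than re-encrypting the file. User names and the sample file contents are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// aead builds AES-256-GCM for a 32-byte file key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the data once with a fresh symmetric file key (fast) and wraps only
// that 32-byte key under each recipient's public key (slow, but tiny input). It
// returns nonce||ciphertext plus one wrapped copy of the file key per user name.
func Seal(plaintext []byte, pubs map[string]*rsa.PublicKey) ([]byte, map[string][]byte, error) {
	buf := make([]byte, 32+12) // 256-bit file key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	gcm, err := aead(fileKey)
	if err != nil {
		return nil, nil, err
	}
	wrapped := map[string][]byte{}
	for name, pub := range pubs {
		wrapped[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
		if err != nil {
			return nil, nil, err
		}
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), wrapped, nil
}

// Open unwraps this user's copy of the file key with their private key, then
// decrypts. A user with no copy, or with the wrong private key, gets an error.
func Open(blob []byte, wrapped map[string][]byte, user string, priv *rsa.PrivateKey) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("file too short to hold a nonce")
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped[user], nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key for %q: %w", user, err)
	}
	gcm, err := aead(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[:12], blob[12:], nil)
}

func main() {
	owner, _ := rsa.GenerateKey(rand.Reader, 2048)
	blob, wrapped, _ := Seal([]byte("constructed sample file"), map[string]*rsa.PublicKey{"owner": &owner.PublicKey})
	fmt.Println(Open(blob, wrapped, "owner", owner))
}
```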
"Public-key cryptography" http://en.wikipedia.org/wiki/Public-k...
Not sure why you would want to do that, but in theory it would be possible. The easiest way would be to create two connections with different key lengths. On one side, use it to send and receive, and on the other side the opposite. You would still need to send some control codes back, but essentially the data, which is the largest part, would be sent on different channels. I don't know of any hardware or software solution that allows you to choose different keys. If you wanted one, two channels would be the easiest way if it supports it, or a custom encryption system.
Everything was super clear, except my last doubt. If the second party only receives the public key, which is only used for encryption, how can the second party decrypt the data without having the private key?
Think of it this way. A Public key is only ever used to encrypt information, while a Private Key is meant to decrypt it. In this fashion, the Public key can be shared and used by others as it can ONLY ENCRYPT. However, the Private key needs to remain a closely guarded secret because it can be used to decrypt the information that was encrypted with the Public key.
Suppose an account with one user name and multiple one-time passwords (exactly like a crypto card).
Let's suppose I have been given an ID (which is the same every time) and a password (which varies every time). Now my question is, how do they verify that this password belongs to the same user ID? If a crypto card can generate over millions of passwords for a particular ID, does it mean that there are millions of passwords stored on the server for that particular ID?
Why should you use Public Key encryption when the Hacker does not know whether the message being sent is Encrypted or not. Further, why should the hacker always assume that the message being sent is always encrypted ? Any message could always be encrypted to form an understandable sentence in any Language which could mean something other than the intended message. So what's the big deal ?
The issue with encryption not using public and private keys is transferring the keys or rules to the other party. As you are suggesting, having different sentences that mean something else, like they do in the movies, is really good security. However, exchanging these between both parties and keeping them up to date is the problem. Sometimes administrators will transfer codes using the telephone. However, using public keys and private keys means a safe way to transfer keys between parties without having to worry about this. That is why it is often used in company VPNs. Also, encrypting traffic protects you from man in the middle attacks and replay attacks, where the method you are talking about does not.
Something that I've never quite comprehended about asymmetric cryptography is how any message sent by the entity with the private key can be seen as secure?
What I mean by this is that since anyone with the corresponding public key can decrypt what has been encrypted with the private key, it's not secure at all? An example of this would be if a server uses its private key to encrypt a message containing a user's new password for a website. An attacker could then use his/her public key used by that server to decrypt that message.
What am I missing here? :)
Saitham, did you find an answer for your question? itfreetraining didn't really answer, and I have had this question in my head for years now!! If the server wants to send encrypted data to the client, how could the client use the public key to decrypt what the private key on the server has encrypted? Or is this (asymmetric encryption) a one-way (client-server) function without supporting the other way (server-client)?
Please anyone can answer me :( !!
Using public and private keys is computationally time-consuming.
Using a single shared key is not, so you want to use this method.
So what happens is that public and private keys are used to exchange a shared secret. Once this is done, the one key is used.
Usually the client will choose a session key, encrypt it with the public key and send it to the other side. This can be decrypted with the private key. Now both sides have the same key.
Have a look at.
If you want both sides to use public and private keys, you need a certificate on both sides. Given how expensive this would be on computing power, it is generally not done that way.
Ok, let me rephrase that.
So what I mean is that since the public key is PUBLIC and anyone could theoretically have it, how can any message that is encrypted with the private key be seen as secure? I mean anyone with the public key in that key pair can decrypt that message.
What I believe you're missing is that Asymmetric cryptography involves a key pair: a private key AND a public key. The public key is what is used to encrypt a message, as that is all it is capable of doing. Once encrypted, the message can now ONLY be decrypted by using the Private Key. In Asymmetric Cryptography, the Public key is freely given while the Private key is securely kept safe away from anyone who shouldn't have access to the encrypted messages.
In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm. For encryption algorithms, a key specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms. Keys also specify transformations in other cryptographic algorithms, such as digital signature schemes and message authentication codes.
I think I get it now. Can anyone vouch if this simple way to explain it is accurate? ----------
Think of public keys as a means to encrypt data, and private keys as a way to decrypt data. They are generated in pairs and go together. A client asks the server to store a copy of its public key on the server (adding its public key to the authorized_keys file).
When that client requests permission to the server, the server generates a random id, password, or token that the client will have to decrypt in order to "pass". The server encrypts/hashes this random password using the client's own public key and sends it back. Along with that, the server generates a private/public keypair of its own and sends the public key back to the client also.
The client has the right private key to decrypt the password the server encrypted and sent back, and does so. Now the client must send back the answer to the password to the server for verification, but do it securely. So it encrypts the password using the public key the server sent with the original challenge, and sends it to the server.
The server still has the private key it generated matching this public key, decrypts the password sent, and verifies it matches the random password it generated for the request. At this point, they could/do continue to use this password as a common private "symmetric" key in order to be able to send data back and forth securely and quickly (common private key is faster).
The problem with using the private key is that everyone has the public key and thus can decrypt the information. However the private key can be used to generate a digital signature. See this video for more information.
The keys are essentially the same. So if you called them 1 and 2: if you encrypt with 1, you use 2 to decrypt; if you used 2 to encrypt, you would use 1 to decrypt. To make things simple, when two keys are created, one is called private and one is called public. So the public key is used to encrypt and the private is used to decrypt. You could use the private key to encrypt, but this would be silly because everyone has the public key and it would offer no security.
Using public and private keys is very slow. Using one key is very quick. So you want a way to exchange a single key. So the client chooses a key, uses the public key to encrypt it and sends it to the server. The server decrypts it with its private key. It now knows the client's key. It uses this to encrypt its own random key and sends it to the client. Or they can both use the same shared key. Either way, public and private keys are used to have a shared secret between both parties. For example, HTTPS uses this method.
In regards to authentication, this can be done many different ways. For example, the server asks the client a question which it answers using its password. It then sends this answer back to the server. Since the answer can only be calculated using the password, which both sides know, the server knows the client has given the right password, even though the password is never sent over the network. Hashing is when you put the password through a function which changes it to a random string of data. Same principle: the hash goes over the network rather than the password.
The client generally does not have a private key. This is stored on the server. Once a secure channel has been set up using the private and public key to exchange a shared secret, it allows secure transmission. However, systems like Active Directory store a hash of the password and not the original password, so Active Directory does not know what the password is. So it will send a challenge to the client, which the client will use the password with. The server compares the answer with the hash it has stored. This way it can show the client knows the password even though the password is never transferred over the network.
Yeap, that sounds correct. Once they have either a shared symmetric key or they both know each other's symmetric key, they can send data back and forth very quickly and securely.
It seems to me you're trying to make it too complex. Take two identical dictionaries, give every defined word a number, then use a system with, say, 10,000 or 10,000,000 single individual digits. Give every number or word its own individual digit; after that your options are almost endless.
+Marvin Dyer There are a large number of different encryption systems that can be used. The idea you have is a good one that will work in certain situations. However, for things like SSL used in shopping carts it could not be used. So a system like this is required.
+itfreetraining With all due respect, a simple example would go a long way, even if the results with small numbers were not actually secure. These presentations come out to be little more than talking about chemistry by telling people how useful chemicals are.
Some just use a private key, then just image the system across all allowed computers and nothing else; it allows no one on but is more secure and never changes without changing it for everyone with a new OS image with the new key .... the best way to do it and the most annoying to the people who use the encrypted network.
Something is confusing: the private key is used to decrypt, but you placed it under the guy on the left. Having seen the first example, we expect the data to be sent to the guy on the right => the private key should be under him. Thanks for sharing this though :)
thanks for the video, just one question
I get that the user sends data to the server encrypted with the public key, but only the server can decrypt it with the private key.
But what about the stuff that the server sends back to the user (e.g. profile information after logging in, confirmation of orders)? This isn't protected with the private key, otherwise the user wouldn't be able to decrypt it. So from what I understand the server's response isn't using symmetric encryption.
Am I missing something?
+Erik Nijland Using public key and private key is very slow. For this reason, they are often used to get a session key or shared secret on both sides. For example, the client could choose a random session key and send it to the server using its public key. The server has the private key, so it can get the session key. Now both sides have the same key. Using the same key on both sides is a lot faster. So the public and private keys are used to exchange the session key.
+Mohnish Desai What do you mean? The public key can be transferred using any method. Generally, for information to be transferred, a shared key is created between the two computers and shared using certificates.
Amazing and super-interesting stuff...thank you for your effort and generosity to share!
I am a music teacher and publisher of music manuals in PDF format...
Q 1. Client 1 purchases my manual. How do I set up my Adobe PDF document so even if he shares it with someone else, it will not open on other computers?
Q 2. If I use the Public Key encryption, do I have to give the client the private key?
Q 3. Can he pass the key to other people to open my PDF if he shares it?
Q 4. Does Public and private key encryption apply to communications and also to documents?
Much obliged...my lessons are also free for practice at www.youtube.com/iLearnMusic4Free in case you would like to subscribe...i subscribed to your excellent work!
Basically the way it works is that whichever key is used to encrypt the data, the other key is needed to decrypt the data. So for argument's sake, if you were to use the private key to encrypt data (generally you would not do this), the public key would be needed to decrypt the data. This is how PKI systems work: whichever key is used, the other key is required to decrypt. To make it simple, one is called private and one is called public.
damn! I am so sorry I didn't say anything sooner to save you time. I watched the video again and got a handle on it. most people don't answer my question and I didn't think you would either. but thank you for taking the time to respond; it's more than I deserve. thanks again so much.
It does have some of the same material in it from a previous video. Some of the content may get duplicated as we move towards modular training. This video will be organised into a playlist later on based on any course it is relevant to. This means that if you study for 2008 and then later 2012, it saves you watching a second video on the same material if the first video released covered it and it has not changed. It also helps if we want to update the video later on, or add Linux videos.
The way SSL gets around this is the following. For example, you are accessing a web site.
1) The public key is obtained by the user.
2) For encryption to happen, both sides now need to agree on a symmetric key, and this key needs to be exchanged to both sides. The public key and private key are used to make this exchange happen. Generally the client will generate a pre-master key that is sent to the server using the public key.
3) The server can then obtain this pre-master key using the private key.
4) Since the server now has the pre-master key, it can generate a session key and use the pre-master key to encrypt this key and send it to the client. Now both sides have the same session key, which is used for encryption.
You can see how, even though encryption is supported only in one direction using private and public keys, it can be used to set up another encryption method which works in both directions, which is what commonly happens.
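The four SSL steps above as an added Go example (not the video's or the commenter's code), answering the recurring question of how the server can reply: the client wraps a random pre-master secret under the server's public key, the server unwraps it with its private key, and both sides derive the same AES-GCM session key, which then protects traffic in both directions. Deriving the session key with SHA-256 on both sides, instead of the server sending one as in step 4, is a simplification of what SSL/TLS actually does.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD turns the 32-byte pre-master secret into an AES-256-GCM session key
// (real TLS runs a PRF/HKDF here). Neither constructor fails for a 32-byte key.
func sessionAEAD(preMaster []byte) cipher.AEAD {
	key := sha256.Sum256(preMaster)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// ClientKeyExchange (step 2): pick a random pre-master secret, keep the session key
// derived from it, and return the secret wrapped under the server's public key.
func ClientKeyExchange(serverPub *rsa.PublicKey) (cipher.AEAD, []byte, error) {
	preMaster := make([]byte, 32)
	if _, err := rand.Read(preMaster); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, preMaster, nil)
	if err != nil {
		return nil, nil, err
	}
	return sessionAEAD(preMaster), wrapped, nil
}

// ServerKeyExchange (step 3): only the private key can unwrap the pre-master secret.
func ServerKeyExchange(priv *rsa.PrivateKey, wrapped []byte) (cipher.AEAD, error) {
	preMaster, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return sessionAEAD(preMaster), nil
}

// Send and Receive need only the session key, so they work in both directions.
func Send(session cipher.AEAD, msg []byte) ([]byte, error) {
	nonce := make([]byte, session.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return session.Seal(nonce, nonce, msg, nil), nil // nonce || ciphertext || tag
}
func Receive(session cipher.AEAD, blob []byte) ([]byte, error) {
	if n := session.NonceSize(); len(blob) >= n {
		return session.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, fmt.Errorf("message shorter than a nonce")
}

func main() {
	server, _ := rsa.GenerateKey(rand.Reader, 2048)
	clientSess, wrapped, _ := ClientKeyExchange(&server.PublicKey)
	serverSess, _ := ServerKeyExchange(server, wrapped)
	reply, _ := Send(serverSess, []byte("order confirmed")) // server -> client
	fmt.Println(Receive(clientSess, reply))
}
```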
2:11 - 2:55 Very confusing. "public key needed to encrypt traffic. private key needed to decrypt, but private key not needed to decrypt therefore no need to send private key"
Hmmm! How is he gonna decrypt without the private key?