I have been studying Network Infrastructure, and started learning PKI (Public Key Infrastructure). I have read Microsoft’s official curriculum, and a third party book. There is a discrepancy I can’t seem to find out a definite answer for. All descrpitions say that when a file is encrypted (let’s say Alice sends a file to Bob, since that for some reason is always used as the example), Alice encrpyts the file with Bob’s public key. But the Microsoft book seemed to say that Bob opened the file with *Alice’s *private key, while the third party book said Bob opened it with his private key. Even in Microsoft’s book their description wasn’t clear, and it could seem to be either one (although the illustration said explicitly that he used hers). My logic goes with Bob opening the file with his key, since, well, its his. But my teacher followed Microsoft. Can anyone give an answer, preferably with a citation, that not only says what the actual answer is, but can explain the confusion in the sources?
The confusion in the sources no doubt stems from the fact that one of the sources is Microshaft. With public key encryption, you encrypt a file with someone’s public key (obviously), the he decrypts it with his private key. If Bob had Alice’s private key, it wouldn’t be very private, would it? Your logic is correct in this. Your teacher is apparently confused; trust in the Board instead. Note that you can encrypt material with your private key to allow others to decrypt it with your public key–this is sometimes done with signatures.
Here’s a site with a quickie explanation:
http://www.nwfusion.com/news/64452_05-17-1999.html
You might also try a search on “RSA” and “algorithm”.
Balance is correct. To add some to his answer:
Most public key cryptosystems are symmetric. Alice can encrypt with Bob’s public key, which Bob can then decrypt with Bob’s private key; or Alice can encrypt with her private key, which Bob can then decrypt with Alice’s public key. This leads to all sorts of schemes, such as the simplest digital signature scheme: Alice encryptes with her private key, and encrypts the result with Bob’s public key. Bob receives the message and decrypts it with his private key (which only he can do), getting nonsesnse. He then decrypts the nonsense using Alice’s public key, getting the original message. Since only Alice could have produced that particular nonsense that leads to the readable message using Alice’s public key, then Alice has produced that message.
In practice, PK systems are typically very slow, and are used only to exchange keys for a faster single-key system (usually using the Diffie-Hellman key exchange protocol).
For information on cryprography, you know nothing unless you have read Kahn’s The Codebreakers (almost nothing on public key cryptography, but great for background and a fascinating read). The classic modern reference is Schneier’s Applied Cryptography, about half to two-thirds of which is interesting to people who don’t want to write cryptographic programs. This and several other classic works (unfortunately not Kahn) are available (for less money than you’d pay for all the books) on CD-ROM at DDJ Essential Books on Cryptography & Security CD. Schneier has a hell of a web site at Counterpane Internet Security and its sister, Counterpane Labs. If you want to keep up with what’s really going on and other stuff, subscribe to his newsletter at http://www.counterpane.com/crypto-gram.html (and read some of the old issues on the web site).
Schneier’s book contains some fascinating algorithms. Consider:
N (N > 2) cryptographers go out to dinner, have a nice time, and ask for the check. The waiter says:
“Either the dinner has been paid for by one of the people present at the table, who wishes to remain anonymous; or it has been paid for by the National Security Agency… So there is no check.”
The cryptographers do not wish to be beholden to NSA, but they do not want to deny anybody the anonymity they desire. How can they determine whether or not one of their number paid for the dinner without possibly revealing the identity of that person?