Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Asymmetric Encryption

Reply
Thread Tools

Asymmetric Encryption

 
 
pintu
Guest
Posts: n/a
 
      01-15-2007
Hello everybody..

I hav some confusion regarding asymmetric encryption.As asymmetric
encryption it there is one private key and one public key.So any data
is encrypted using private key and the same is decrypted at client side
using public key and vice-versa..Now i hav confusion like i.e.

* Are both the keys available to both sender and receiver.?
* When data is encrypted using public key ,Is the same data decrypted
using private key( at client side).?
* How the keys are send to the client/receiver of message..I mean are
they assigned to browsers or they are validated or send depending on
login id/password of a user.?
*If possible kindly explain (in-short) the whole process of assymetric
encryption.!!!plz

Thanks & Regards
Priyabrata

 
Reply With Quote
 
 
 
 
Karl Seguin [MVP]
Guest
Posts: n/a
 
      01-15-2007
Asymetric encryption tends to be very good to encrypt short messages. With
this in mind, let me explain to you how WE use it. We use asymetric
encryption to securely exchange a symetric private key.

- The client (we aren't necessarily speaking a web browser), generates a
private key and a public key.
- The client sends the PUBLIC key to the server.
- The server generates a message (in our case it's a random symetric key)
and encrypts it using the PUBLIC key it got from the client
- The server sends the encrypted message
- The client uses it's PRIVATE key to decode the message
- The client and server now have a private SYMETRIC key

As you can see, the asymetric private key is NEVER sent over the wire. Only
the client (which generates it) knows it. Only the PUBLIC key is sent over
the wire (in plain text). The public key is then used by the server to
encrypt a short message. This method let's us establish a secure private key
for symetric encryption (which can do long messages).

With the public key, anyone can create an encrypted message, but only the
private key can be used to decrypt it.

This kind of exchange I explained is pretty typical, but it's still open to
a man in the middle attack. That is, when the client sends it's public key,
someone in the middle could intercept it. Then that person could create
his/her own public/private key and send THAT public key to the server. The
server (who has no way of knowing this) uses the fake public key and
encrypts the message and sends it back. The man in the middle gets THAT
message, decrypts it (since it was his public key used to encrypt it, so he
has the private key) and now has the secret message.

Things like SSL have an extra layer that help prevent man in the middle, but
that's another discussion..

Karl
--
http://www.openmymind.net/
http://www.fuelindustries.com/


"pintu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Hello everybody..
>
> I hav some confusion regarding asymmetric encryption.As asymmetric
> encryption it there is one private key and one public key.So any data
> is encrypted using private key and the same is decrypted at client side
> using public key and vice-versa..Now i hav confusion like i.e.
>
> * Are both the keys available to both sender and receiver.?
> * When data is encrypted using public key ,Is the same data decrypted
> using private key( at client side).?
> * How the keys are send to the client/receiver of message..I mean are
> they assigned to browsers or they are validated or send depending on
> login id/password of a user.?
> *If possible kindly explain (in-short) the whole process of assymetric
> encryption.!!!plz
>
> Thanks & Regards
> Priyabrata
>


 
Reply With Quote
 
 
 
 
pintu
Guest
Posts: n/a
 
      01-16-2007
Thanks Karl..Really ur posting will help me in lot..



Karl Seguin [MVP] wrote:
> Asymetric encryption tends to be very good to encrypt short messages. With
> this in mind, let me explain to you how WE use it. We use asymetric
> encryption to securely exchange a symetric private key.
>
> - The client (we aren't necessarily speaking a web browser), generates a
> private key and a public key.
> - The client sends the PUBLIC key to the server.
> - The server generates a message (in our case it's a random symetric key)
> and encrypts it using the PUBLIC key it got from the client
> - The server sends the encrypted message
> - The client uses it's PRIVATE key to decode the message
> - The client and server now have a private SYMETRIC key
>
> As you can see, the asymetric private key is NEVER sent over the wire. Only
> the client (which generates it) knows it. Only the PUBLIC key is sent over
> the wire (in plain text). The public key is then used by the server to
> encrypt a short message. This method let's us establish a secure private key
> for symetric encryption (which can do long messages).
>
> With the public key, anyone can create an encrypted message, but only the
> private key can be used to decrypt it.
>
> This kind of exchange I explained is pretty typical, but it's still open to
> a man in the middle attack. That is, when the client sends it's public key,
> someone in the middle could intercept it. Then that person could create
> his/her own public/private key and send THAT public key to the server. The
> server (who has no way of knowing this) uses the fake public key and
> encrypts the message and sends it back. The man in the middle gets THAT
> message, decrypts it (since it was his public key used to encrypt it, so he
> has the private key) and now has the secret message.
>
> Things like SSL have an extra layer that help prevent man in the middle, but
> that's another discussion..
>
> Karl
> --
> http://www.openmymind.net/
> http://www.fuelindustries.com/
>
>
> "pintu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > Hello everybody..
> >
> > I hav some confusion regarding asymmetric encryption.As asymmetric
> > encryption it there is one private key and one public key.So any data
> > is encrypted using private key and the same is decrypted at client side
> > using public key and vice-versa..Now i hav confusion like i.e.
> >
> > * Are both the keys available to both sender and receiver.?
> > * When data is encrypted using public key ,Is the same data decrypted
> > using private key( at client side).?
> > * How the keys are send to the client/receiver of message..I mean are
> > they assigned to browsers or they are validated or send depending on
> > login id/password of a user.?
> > *If possible kindly explain (in-short) the whole process of assymetric
> > encryption.!!!plz
> >
> > Thanks & Regards
> > Priyabrata
> >


 
Reply With Quote
 
pintu
Guest
Posts: n/a
 
      01-16-2007
Thanks Karl..Really ur posting will help me in lot..
But still one doubt that..
*how the keys get generated.means we use some methods of
RSACryptoProvider class or not ?and how to know which one is private
and which one is public key. and how to work on them.

Thanks
Priyabrata



Karl Seguin [MVP] wrote:
> Asymetric encryption tends to be very good to encrypt short messages. With
> this in mind, let me explain to you how WE use it. We use asymetric
> encryption to securely exchange a symetric private key.
>
> - The client (we aren't necessarily speaking a web browser), generates a
> private key and a public key.
> - The client sends the PUBLIC key to the server.
> - The server generates a message (in our case it's a random symetric key)
> and encrypts it using the PUBLIC key it got from the client
> - The server sends the encrypted message
> - The client uses it's PRIVATE key to decode the message
> - The client and server now have a private SYMETRIC key
>
> As you can see, the asymetric private key is NEVER sent over the wire. Only
> the client (which generates it) knows it. Only the PUBLIC key is sent over
> the wire (in plain text). The public key is then used by the server to
> encrypt a short message. This method let's us establish a secure private key
> for symetric encryption (which can do long messages).
>
> With the public key, anyone can create an encrypted message, but only the
> private key can be used to decrypt it.
>
> This kind of exchange I explained is pretty typical, but it's still open to
> a man in the middle attack. That is, when the client sends it's public key,
> someone in the middle could intercept it. Then that person could create
> his/her own public/private key and send THAT public key to the server. The
> server (who has no way of knowing this) uses the fake public key and
> encrypts the message and sends it back. The man in the middle gets THAT
> message, decrypts it (since it was his public key used to encrypt it, so he
> has the private key) and now has the secret message.
>
> Things like SSL have an extra layer that help prevent man in the middle, but
> that's another discussion..
>
> Karl
> --
> http://www.openmymind.net/
> http://www.fuelindustries.com/
>
>
> "pintu" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > Hello everybody..
> >
> > I hav some confusion regarding asymmetric encryption.As asymmetric
> > encryption it there is one private key and one public key.So any data
> > is encrypted using private key and the same is decrypted at client side
> > using public key and vice-versa..Now i hav confusion like i.e.
> >
> > * Are both the keys available to both sender and receiver.?
> > * When data is encrypted using public key ,Is the same data decrypted
> > using private key( at client side).?
> > * How the keys are send to the client/receiver of message..I mean are
> > they assigned to browsers or they are validated or send depending on
> > login id/password of a user.?
> > *If possible kindly explain (in-short) the whole process of assymetric
> > encryption.!!!plz
> >
> > Thanks & Regards
> > Priyabrata
> >


 
Reply With Quote
 
Karl Seguin [MVP]
Guest
Posts: n/a
 
      01-16-2007
Yes, instances of the RSACryptoServiceProvider have methods, such as
ToXmlString() which'll export your keys to a Base64 hex values. You can
specify if you want to export both your private key and public key. ONce
you have the XML, it's pretty plain to see which is which (it's like
<encryption><privateKey>...</privateKey><publicKey>....</publicKey></encryption>
or something).

Karl

--
http://www.openmymind.net/
http://www.fuelindustries.com/


"pintu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Thanks Karl..Really ur posting will help me in lot..
> But still one doubt that..
> *how the keys get generated.means we use some methods of
> RSACryptoProvider class or not ?and how to know which one is private
> and which one is public key. and how to work on them.
>
> Thanks
> Priyabrata
>
>
>
> Karl Seguin [MVP] wrote:
>> Asymetric encryption tends to be very good to encrypt short messages.
>> With
>> this in mind, let me explain to you how WE use it. We use asymetric
>> encryption to securely exchange a symetric private key.
>>
>> - The client (we aren't necessarily speaking a web browser), generates a
>> private key and a public key.
>> - The client sends the PUBLIC key to the server.
>> - The server generates a message (in our case it's a random symetric key)
>> and encrypts it using the PUBLIC key it got from the client
>> - The server sends the encrypted message
>> - The client uses it's PRIVATE key to decode the message
>> - The client and server now have a private SYMETRIC key
>>
>> As you can see, the asymetric private key is NEVER sent over the wire.
>> Only
>> the client (which generates it) knows it. Only the PUBLIC key is sent
>> over
>> the wire (in plain text). The public key is then used by the server to
>> encrypt a short message. This method let's us establish a secure private
>> key
>> for symetric encryption (which can do long messages).
>>
>> With the public key, anyone can create an encrypted message, but only the
>> private key can be used to decrypt it.
>>
>> This kind of exchange I explained is pretty typical, but it's still open
>> to
>> a man in the middle attack. That is, when the client sends it's public
>> key,
>> someone in the middle could intercept it. Then that person could create
>> his/her own public/private key and send THAT public key to the server.
>> The
>> server (who has no way of knowing this) uses the fake public key and
>> encrypts the message and sends it back. The man in the middle gets THAT
>> message, decrypts it (since it was his public key used to encrypt it, so
>> he
>> has the private key) and now has the secret message.
>>
>> Things like SSL have an extra layer that help prevent man in the middle,
>> but
>> that's another discussion..
>>
>> Karl
>> --
>> http://www.openmymind.net/
>> http://www.fuelindustries.com/
>>
>>
>> "pintu" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) ups.com...
>> > Hello everybody..
>> >
>> > I hav some confusion regarding asymmetric encryption.As asymmetric
>> > encryption it there is one private key and one public key.So any data
>> > is encrypted using private key and the same is decrypted at client side
>> > using public key and vice-versa..Now i hav confusion like i.e.
>> >
>> > * Are both the keys available to both sender and receiver.?
>> > * When data is encrypted using public key ,Is the same data decrypted
>> > using private key( at client side).?
>> > * How the keys are send to the client/receiver of message..I mean are
>> > they assigned to browsers or they are validated or send depending on
>> > login id/password of a user.?
>> > *If possible kindly explain (in-short) the whole process of assymetric
>> > encryption.!!!plz
>> >
>> > Thanks & Regards
>> > Priyabrata
>> >

>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Simple Asymmetric encryption/decryption Bruce ASP General 3 12-13-2007 11:41 PM
Asymmetric Encryption pintu ASP .Net Web Services 1 01-16-2007 11:24 PM
asymmetric encryption options snacktime Ruby 8 08-29-2006 06:02 PM
Pix Asymmetric Routing and a multihomed server Alex Cisco 3 01-02-2005 01:53 AM
Asymmetric Timeouts on ISDN Brandon Hines Cisco 1 12-15-2003 03:50 PM



Advertisments