[ Lesson ] Public-Key Cryptography - Security & Cryptography

Users browsing this thread: 1 Guest(s)
Overview ---------------------------------------------

In this (bland) lesson, we'll go over the concept of public key cryptography, where it is implemented today, and how to use it yourself.

Prerequisites ------------------------------------------

1) A brain and willingness to learn.
2) A second user account to test with.
3) GPG installed on the system.

Introduction -------------------------------------------

Public-Key cryptography has been used for years for the encryption of data in various uses, such as encrypted e-mail messages,
SSH connections, and is what allows the TOR network traffic to remain anonymous even while inside of the network. Although it
has been hugely implemented by a wide range of technology since the second half of the century, public key cryptography is still
one of the most efficient and safe methods of securing content between multiple individuals or network entities, and anything
encrypted with it is nearly impossible to decipher as a third-party (government, spouse, etc.)

How does public key cryptography work? ----------------

The technique largely utilized in public-key cryptography is the use of asymmetric key algorithms, in which the key that is
responsible for the encryption of the data is different than the key used to decrypt it. Each individual who wishes to send
the encrypted data has a pair of their own cryptographic keys. One that is publicly distributed that is responsible for encryption,
and one that is private to the user, and used to decrypt the data sent. These keys are mathematically relatable, but virtually
impossible to determine via one another.

For example, if I wanted my friend Alice to send me a couple pieces of sensitive information, perhaps banking information, I would
first send my public key to her via e-mail or any other means necessary (please note that the public key _does not_ need to be
concealed from others). Alice would then encrypt the data using my public key, and send it to me with as an e-mail attachment.
Upon receiving the file sent from Alice, I use my _private_ key to decrypt the file that encrypted with my _public_ key.
Now the data is no longer encrypted, and can be understood by me.

How can I implement public key cryptography? ----------

To put it simply, you are probably using it without being aware of it. SSL web encryption use public key cryptography to encrypt your
web traffic between you and websites to keep your data safe from fraudulent entities, but also ensures the validity of websites you visit.
Instead of allowing software to utilize it without letting us see the inner workings, we will get down and dirty with GPG, an encryption system
that uses public key cryptography!

Pop open a terminal, and run "gpg --gen-key". Select the default values, and assign your keys with a name and passphrase to protect your keys.
The program will ask you to move the mouse erratically for key generation. You just generated your own unique key pair! Congrats! Now if we view your
public key while in it's current state, we will notice that it may be a bit hard to share on, say, a piece of paper or an e-mail. To convert your key
to a more readable format, run "gpg --armor --export <name of key you assigned earlier> > key".

Now since we don't have another individual to test GPG with, we'll sign in as another user on your system. As the other user, import the first key with,
"gpg --import key". We now have the other user's oublic key saved. Now make a message in a plain file. To encrypt the file, we will now use the first
user's key with, "gpg --armor --encrypt <file>". Now enter the name of the public key of the other user. Now if we view the contents of the _new_ *.asc
file, we can see it was succesfully encrypted. Now we'll 'su', back to the first user. Let's pretend the second guy already e-mailed the message to him.

To decrypt the message, we will run "gpg --decrypt message.asc". It will prompt you for the passphrase you used while creating the keys. You now have a
cleartext version of the file!

Conclusion -------------------------------------------

As bland, and seemingly useless this lesson may have seemed, the content taught in it is widely used today to keep our information and online safety intact.
I hope you enjoyed! ;)

Messages In This Thread
[ Lesson ] Public-Key Cryptography - by commodore - 21-07-2012, 03:51 AM
RE: [ Lesson ] Public-Key Cryptography - by Reki - 24-07-2012, 02:01 PM
RE: [ Lesson ] Public-Key Cryptography - by D9u - 16-09-2012, 02:59 PM
RE: [ Lesson ] Public-Key Cryptography - by yrmt - 28-03-2014, 10:18 AM