
I am trying to understand the principles of asymmetric encryption, and have read the following in a book:

One key is completely public and can be read and used by everyone. The other part is private and should never be shared with someone else. When you encrypt something with the public key, it can be decrypted by using the private key, and vice versa.

Looks like the public key is not secret. But if I encrypt with the private key, someone can decrypt with the public key which is easily accessible. Where's the logic in that?

Arminius
vico

4 Answers


The usage of asymmetric keys is as follows:

  • Encryption is done using the public key
  • Signing is done using the private key

Encryption:

  • The data is encrypted using the public key
  • The encrypted data is decrypted using the private key
    • Only the owner of the private key can read the encrypted message

Signing:

  • The HASH of the data is encrypted using the private key
  • The receiver uses the public key on the encrypted hash, and compares it to the HASH of the data he calculates himself
    • Only the owner of the private key can sign the message
Yaron
  • So, everybody that has the public key can encrypt data. Because of that, each message has a signature (hash) made by the private key. The receiver gets the message and checks the signature. If the signature is OK, then it decrypts the message? – vico Oct 15 '17 at 10:25
  • @vico - not exactly - the public key is used for encryption, and only the private key, which is kept private, can decrypt the message. The case of using the private key to encrypt and the public key to decrypt is limited to the *signing* of a message: only the owner of the private key should be able to sign a message, and everyone should be able to confirm that the signature is correct – Yaron Oct 15 '17 at 10:30
  • So, there are two cases: – vico Oct 15 '17 at 10:37
  • @Yaron. I understand both encryption and digital signing. What I don't get is if I can decrypt the digital signature of a message (second case) using the public key, why can't I also decrypt the message itself (the first case) using the same public key. How does the decryption process know that the text that it's decrypting is the signature (to get the hash) rather than the encrypted message (to get the message)? – Milind Sep 16 '18 at 00:02
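A toy pure-Python walk-through of the two cases in the answer above (encrypt with the public key / decrypt with the private key, and sign the hash with the private key / check it with the public key). This is an added illustration, not code from the answers; the primes, key pairs and messages are constructed, and the last line shows the point raised in the comments: the verifier does not "decrypt" the signature into anything, it just applies the public key and compares the result with a hash it computes itself.

```python
import hashlib

# Constructed toy parameters: ~20-bit primes so the numbers stay readable.
# Real RSA uses ~2048-bit moduli plus padding (OAEP for encryption, PSS for
# signatures); bare textbook RSA like this is for illustration only.

def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(message: int, public_key) -> int:
    """Encryption: anyone holding the public key can do this."""
    n, e = public_key
    return pow(message, e, n)

def decrypt(ciphertext: int, private_key) -> int:
    """Decryption: only the holder of the private key can undo encrypt()."""
    n, d = private_key
    return pow(ciphertext, d, n)

def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private_key) -> int:
    """Signing: apply the private exponent to the HASH of the data."""
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Verification: apply the public exponent to the signature and compare
    with a hash the verifier computes itself. Nothing is turned back into a
    message; the check is simply equal / not equal."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

# Constructed key pairs for "Bob" (legitimate signer) and "Eve" (someone else).
BOB_PUBLIC, BOB_PRIVATE = make_keypair(1000003, 1000033)
EVE_PUBLIC, EVE_PRIVATE = make_keypair(1000037, 1000039)

if __name__ == "__main__":
    c = encrypt(123456789, BOB_PUBLIC)
    print(decrypt(c, BOB_PRIVATE))                              # 123456789
    s = sign(b"pay Bob 10", BOB_PRIVATE)
    print(verify(b"pay Bob 10", s, BOB_PUBLIC))                 # True
    print(verify(b"pay Bob 100", s, BOB_PUBLIC))                # False: data changed
    print(verify(b"pay Bob 10", sign(b"pay Bob 10", EVE_PRIVATE), BOB_PUBLIC))  # False: wrong signer
```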

Looks like the public key is not secret. But if I encrypt with the private key, someone can decrypt with the public key, which is easily accessible. Where is the logic?

So let's go the public encrypt -> private decrypt route. You're seemingly already aware of the use case of this. Users are able to encrypt things with your public key, that only your private key can decrypt. This is useful for when say a user on the internet wants to send a message that only you, as the owner of the private key, can decrypt.

This is all well and good, but what purpose does the other direction serve (encrypt w/ private -> decrypt w/ public)? The answer is, you can help assure that you are the owner of the private key corresponding to a public key when you encrypt a message with your private key, and the public key is able to successfully decrypt and verify the message. This is the basic idea behind signature generation and verification.

Kritner

Actually, you as a sender encrypt the data using the receiver's public key, and then the receiver decrypts the data using his private key. So data gets encrypted using public keys, not private keys.

Anders
mrashid
  • So, everybody that knows the public key can encrypt, but decryption is possible only with the private one. Just to clarify: is the public key the same for both sides? – vico Oct 15 '17 at 10:11
  • Yes, decryption is with the private key, but the thing is each one has his own public and private keys. When two devices communicate they share their public keys with each other, so everyone can decrypt with his own private key. – mrashid Oct 15 '17 at 10:21
  • Here is a video explaining more (https://www.youtube.com/watch?v=XBG50hUUb8k) – mrashid Oct 15 '17 at 10:36

Yes, it can be done. This is useful when you are trying to verify that a person (Bob) encrypted the file himself, and not some other person (Eve), as it can only be decrypted with Bob's public key.