0

I am preparing for the Sec+, currently reading the book, "Mike Meyers .... Certification Passport"(book in question is irrelevant to the problem), In the cryptography chapter, topic-public key/asymmetric cryptography

It says

"the sender encrypts a message or file with the intended receiver’s public key. To decrypt this message, the receiver uses a private key that only she possesses

...offers a level of authentication and nonrepudiation"

This makes perfect sense to me. The sender would only use the receiver's public key (one key used in total to send). Next section reads,

(after sender encrypting with the private key) decrypting a message with a sender’s public key, the receiver knows this message came from the sender.

...The sender is authenticated

The "how it works"/implementation of this(^above) is a bit lost on me, but ive seen pgp-signed messages/commits, and know how to sign with my private key

i used the following to familiarize myself with it: https://stackoverflow.com/questions/14434343/how-to-encrypt-a-file-using-private-key-in-gpg

"Notice how the different combinations of key-pair encryption methods can provide different levels of information assurance, such as authentication, nonrepudiation, confidentiality, and integrity."

  1. What happens if both parties combine their own private_key and the other one's public_key? i have definitely seen this somewhere, for end-to-end communications

  2. How does GPG/asymmetric-encrypted messages to multiple reciepients work? (Assume you use their public keys) Do you use your own public or private key in conjunction with all of theirs?

  3. is there any terse description(reputable source preferable) of what and quantifiable amounts of C/I/A these combinations provide?

i couldnt find the answer here or on the SEO-spam section of the internet

Thanks for the help in advance!

User
  • 1

1 Answers1

2

There is a lot of confusion around the terminology used with asymmetric encryption. Much of it stems from the misuse of the terms.

  • Public keys are used for encrypting messages and for verifying signatures.
  • Private keys are used for decrypting messages and for creating signatures.

However, often you will see people use the term 'encrypting using the private key', when what the really mean is creating a digital signature using the private key. In actuality, it is impossible to encrypt a message using the private key, because the mathematics just don't work. For more info, see answer by Thomas Pornin at If the public key can't be used for decrypting something encrypted by the private key, then how do digital signatures work?, and pay particular attention to where he tries to blame the confusion on the deleterious effects of post-Disco pop music.

mti2935
  • 21,098
  • 2
  • 47
  • 66