Friday, 09 January 2009
 
 

Public Key Cryptography
 
 

Signing Versus Safeguarding

So let's say that everyone has our public key at this point. The first consequence is that they can now encrypt messages to us using our public key and be reasonably assured that we, and only we, can decrypt them. If we have their public key, we can send encrypted messages back with the assurance that only they can decrypt them.

The key difference between this approach and shared secret cryptography is that for a given group of, for example, 100 people, there are only 200 keys in total (each person's public and private keys). Furthermore, rather than each person having to know a unique shared secret for each of the individuals they communicate with, they need to know or remember only their own key pair. When Joe wants to send a message to Bob, he simply asks Bob for his public key, uses that to encrypt the message, and sends it. At this point, Joe can file Bob's public key away for future reference or just toss it out and ask again when the time comes.

All of the preceding information covers safeguarding data, but if anyone can get hold of our public key, how do we know that a given message actually came from the person who claimed to have sent it? The Internet is fundamentally an anonymous place, and just because we receive a message from someone claiming to be John Smith, it doesn't mean that John Smith actually sent the message. If only there were some way we could be sure that only John Smith could have possibly written the message.

Recall that public/private key pairs can be used in either direction. Not only can someone use a public key to encrypt data and a private key to decrypt it, they can also use their own private key to encrypt data and allow anyone else to decrypt it using their public key.

Right about now you may be asking, "What's the point of encrypting something when anyone in the world can ask for my public key to decrypt it?" The answer is that this time we're not interested in safeguarding the information; we just want to prove that we're the only ones who could have generated the information because we're the only ones with our private key. Consider the following email:

From: phb@example.com
To: bob@example.com
Date: Sat 24 Sep 2004 15:13:00 -0700 PST
Subject: Have a nice weekend bob

Bob,
I authorize you to take the company jet to Maui this weekend.

Sincerely
P.H. Boss

---BEGIN SIGNATURE---
H2309uf2jbkb3bd3d93bhdb23b32@HFLJ#nj3fn23FBFLj32r23ERG@K3d
---END SIGNATURE---

When Bob receives this email, he can't believe his eyes, so he tells his email program to check the signature against his boss's public key. Sure enough, it decodes to

MD5-Hash: 19cdba92bef9d71e0a7b3f78d91dfe7

which is the exact value computed from the text of the message. If someone had simply copied a legitimate signature from another one of the boss's emails, the hash values would not match. And because only the boss has the private key needed to generate a new signature from a hash value, he must have been the one to do it.
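The check Bob's email program performs can be sketched in a few lines. This is an added example, not code from the original article: it uses unpadded "textbook" RSA with a constructed demo key and SHA-256 in place of the MD5 hash shown above, and the function names and the second email are assumptions made for illustration. Production software signs with a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key: two Mersenne primes, chosen so the example runs offline.
# Never use primes of a known special form, or unpadded RSA, for real keys.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key (N, E), given to everyone
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the signer


def digest(message: bytes) -> int:
    """Hash of the message text as an integer (SHA-256 instead of the page's MD5)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer: 'encrypt' the hash of the message with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: 'decrypt' the signature with the public key and compare the
    recovered hash with one computed from the text that actually arrived."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    jet = b"Bob,\nI authorize you to take the company jet to Maui this weekend."
    lunch = b"Bob,\nLunch is at noon on Monday."   # constructed second email
    sig_jet, sig_lunch = sign(jet), sign(lunch)
    return {
        "genuine": verify(jet, sig_jet),
        # A valid signature lifted from a different email of the boss's
        "copied_signature": verify(jet, sig_lunch),
        # The genuine signature attached to altered text
        "edited_text": verify(jet.replace(b"weekend", b"month"), sig_jet),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first case verifies: a copied signature recovers the hash of the other email, and edited text hashes to a value the signature no longer matches.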


