[erlang-questions] Private key encryption

Joe Armstrong <>
Wed Apr 15 11:57:34 CEST 2015


On Tue, Apr 14, 2015 at 11:28 PM, Martin Karlsson
<> wrote:
> Hi Marcus,
>
> It is getting better:)
>
> My only problem with this is that you are still using private_encrypt
> (end hence public decrypt).
>
> How are you going the distribute the RSA public key? Normally the
> public key is meant to be public but if something is encrypted using
> the RSA private key *any* party holding the RSA public key can decrypt
> the cipher.
>
> This means that you need to securely deliver the RSA public key. And
> if you had a way to securely distribute a key you wouldn't need RSA
> crypto in the first place:) (you would of course then securely
> distribute the shared secret)

There is a slight variation on this: Distribute the SHA1 checksum of
the RSA public key
(this also needs a secure channel) - but the SHA1 checksum is far
shorter so can be
scribbled on the back of an envelope.

If anybody claims to have the public key you can ask them for it and
validate with the
SHA1 checksum - this can take place over an insecure channel, since a
man-in-the-middle
will cause the SHA1 checksum to be invalid.

This is one of the tricks used in the self certifying file system
(see) http://web.archive.org/web/20080725193436/http://www.fs.net/sfswww/sfsfaq.html

There's a very nice paper that has this idea
http://www.scs.stanford.edu/~dm/home/papers/mazieres:escape.ps.gz

Self certifying systems need no centralized key authority :-)

/Joe


>
> Public Key Crypto is mainly there to be able to share a secret key and
> this can be done in one of two ways:
>
> 1) Your friends send their public RSA key to you. You do encryption as
> above but replace step 3 with a public encrypt using your friends RSA
> key. Then they will decrypt the shared secret using their private key.
>
> In this case it doesn't matter who gets the public key because it is
> only the one holding the private key that can decrypt.
>
> 2) You send your friends your public RSA key. They generate a shared
> secret which they encrypt using your public key and then sends to you.
> You decrypt the shared secret with your private key and then use that
> shared secret to encrypt the file and send to you friend.
>
> Hopefully I've got this right.
>
> Cheers,
> Martin
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions


More information about the erlang-questions mailing list