I have a question about public key encryption if the following example of how things play out is essentially correct. Then I wonder where I can find the implementations of the three algorithms which I call KG1, EA1, and DA1 and about how many lines of code each is.
Alice wants to get messages securely. She uses a key generation algorithm KG1 to create private key “C2A836B33FF1E” and public key “35B1AC692” and publishes the public key to the world.
Bob puts the input of his message “HELLO FROM BOB” and the public key “35B1AC692” into encryption algorithm EA1 which yields the string “DF1537532CB23B” and sends this string to Alice. Chuck intercepts a copy too.
Alice has a decryption algorithm DA1 that can take as input the string “DF1537532CB23B” and her private key “C2A836B33FF1E” and yield output “HELLO FROM BOB”, but since Chuck doesn’t have the private key “C2A836B33FF1E”, he can’t convert “DF1537532CB23B” into “HELLO FROM BOB”. Also, though Chuck knows the KG1 algorithm and the public key “35B1AC692”, he can’t use this information to work back to the private key.
You got things right. The main problem caused by this scheme is “How can Bob be sure that the public key he got from “the world” is Alice’s public key, and not Chuck’s public key?” Indeed, if it were Chuck’s public key, Chuck would be able to decrypt the message Bob sends to Alice.
This is resolved by certificates. Every participant has a copy of the public key of well-known and trusted certificate authorities. When Alice wants to publish her public key to the world, she pays one of these authorities to get a certificate, containing her public key. When getting a certificate, everyone can verify, with the authority’s public key, that the certificate hasn’t been corrupted, and so be sure that the public key is Alice’s public key, and not Chuck’s.
The basic process of certification is a cryptographic signature: the certificate authority encrypts some data with its private key. When you have the data, its signature, and the authority’s public key, you may verify that decrypting the signature with the authority’s public key leads to the original data.
RSA is a de facto standard, and is available in many languages and platforms. You shouldn’t reimplement it yourself.
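An added example, not part of the answer above and not any library's code: textbook RSA in Python standing in for KG1, EA1 and DA1, followed by the certificate check that stops Chuck from passing off his own key. The function names, the Mersenne primes used as key material and the hash-then-sign step are assumptions chosen for illustration; there is no padding, so real use calls for a vetted RSA library.

```python
# Textbook RSA sketch (constructed example): fixed, publicly known primes, no padding.
import hashlib

def kg1(p, q, e=65537):
    """Key generation: return (public, private) as (exponent, modulus) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def ea1(message: bytes, public):
    """Encryption: treat the message as one integer m < n, return m^e mod n."""
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def da1(cipher: int, private):
    """Decryption: c^d mod n, converted back to bytes."""
    d, n = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def key_digest(public, n):
    """SHA-256 of a public key, reduced so it fits under the CA's small modulus."""
    h = hashlib.sha256(repr(public).encode()).digest()
    return int.from_bytes(h, "big") % n

def ca_sign(public, ca_private):
    """Certificate: the CA applies its private key to the digest of the subject's key."""
    d, n = ca_private
    return pow(key_digest(public, n), d, n)

def ca_verify(public, signature, ca_public):
    """Anyone holding the CA's public key can undo the signature and compare digests."""
    e, n = ca_public
    return pow(signature, e, n) == key_digest(public, n)

if __name__ == "__main__":
    alice_pub, alice_priv = kg1(2**89 - 1, 2**107 - 1)    # constructed keys
    chuck_pub, chuck_priv = kg1(2**521 - 1, 2**607 - 1)
    ca_pub, ca_priv = kg1(2**61 - 1, 2**127 - 1)
    cert = ca_sign(alice_pub, ca_priv)                    # issued for Alice's key only
    for name, key in (("Alice", alice_pub), ("Chuck", chuck_pub)):
        print(name, "key matches certificate:", ca_verify(key, cert, ca_pub))
    c = ea1(b"HELLO FROM BOB", alice_pub)
    print(hex(c), "->", da1(c, alice_priv))
```

Each of the three algorithms is a few lines here only because padding, random prime generation and side-channel protections are left out.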