09-27-2002 05:06 AM - edited 03-09-2019 12:29 AM
Suppose two users A and B.
If B send info encrypted with A's public key, only A can decrypt the info because he is the only one with it's private key. But if A send info encrypted with it's own private key, anyone with A's public key can decrypt the info, right? isn't this a security issue?
Regards,
JPL
09-27-2002 05:15 AM
It is highly recommended that each peer have their own public keys. Don't use the same key between 2 different peers. Keys are the most important part of security, guard them with your life :)! You can have the most advanced encryption algo in the world, but if you have the key ..... And that's really what you want, people you trust the key with should be able to decrypt your packets. Just guard the key and use different ones with different peers, and change them every so often.
Steve
09-27-2002 05:26 AM
What you are telling me is that if A wants to communicate with B he should use B's public key and for B->A, B should use A's public key. So each user must have a public key for each partner he wants to communicate with?
Regards,
JPL
09-27-2002 07:22 AM
Sorry if my writting is unclear. What I meant was - In ipsec there are 3 keys - public (shared with the peer, used to verify a signature), private (secret and never shared, used to sign a message) and secret (shared key used to encrypt data using an algorithm). The public key is derived from the private key.
Each peer combines its own private key with the peers public key to calculate the shared secret number. The secret number is converted into a shared secret key. This key never crosses the line (ie never exchanged). The shared secret key is input to the algorithm (eg 3DES). Then cleartext data is fed into the algorithm in fixed-length blocks and is converted to cyphertext and sent using ESP.
eg. A sends a message to B with B's shared/public key (b1). C sends a message to B with B's shared/public key (b2). b1 doesn't equal b2. B decrypts both with his private keys (one for each peer). B sending to A can't be read by C as they use different public/private key's. For each of B's peers (A & C) should have different private keys, which will generate different public/shared keys.
Steve
09-30-2002 06:46 AM
Thank you for your reply.
As I can see from your writting, each user should have one private key for each communication partner. Each of these keys "have" associated public keys.
So, the "public key" can be public not for public use (more than 1 user) but for one-one communication with the advantage of key exchange without security risks.
Thanks,
JPL
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide