Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
0
Helpful
4
Replies

PKI private/public keys

joao.lopes
Level 1
Level 1

‎09-27-2002 05:06 AM - edited ‎03-09-2019 12:29 AM

Suppose two users A and B.

If B send info encrypted with A's public key, only A can decrypt the info because he is the only one with it's private key. But if A send info encrypted with it's own private key, anyone with A's public key can decrypt the info, right? isn't this a security issue?

Regards,

JPL

Labels:
0 Helpful
4 Replies 4

steve.barlow
Level 7
Level 7

‎09-27-2002 05:15 AM

It is highly recommended that each peer have their own public keys. Don't use the same key between 2 different peers. Keys are the most important part of security, guard them with your life :)! You can have the most advanced encryption algo in the world, but if you have the key ..... And that's really what you want, people you trust the key with should be able to decrypt your packets. Just guard the key and use different ones with different peers, and change them every so often.

Steve

0 Helpful

joao.lopes
Level 1
Level 1
In response to steve.barlow

‎09-27-2002 05:26 AM

What you are telling me is that if A wants to communicate with B he should use B's public key and for B->A, B should use A's public key. So each user must have a public key for each partner he wants to communicate with?

Regards,

JPL

0 Helpful

steve.barlow
Level 7
Level 7
In response to joao.lopes

‎09-27-2002 07:22 AM

Sorry if my writting is unclear. What I meant was - In ipsec there are 3 keys - public (shared with the peer, used to verify a signature), private (secret and never shared, used to sign a message) and secret (shared key used to encrypt data using an algorithm). The public key is derived from the private key.

Each peer combines its own private key with the peers public key to calculate the shared secret number. The secret number is converted into a shared secret key. This key never crosses the line (ie never exchanged). The shared secret key is input to the algorithm (eg 3DES). Then cleartext data is fed into the algorithm in fixed-length blocks and is converted to cyphertext and sent using ESP.

eg. A sends a message to B with B's shared/public key (b1). C sends a message to B with B's shared/public key (b2). b1 doesn't equal b2. B decrypts both with his private keys (one for each peer). B sending to A can't be read by C as they use different public/private key's. For each of B's peers (A & C) should have different private keys, which will generate different public/shared keys.

Steve

0 Helpful

joao.lopes
Level 1
Level 1
In response to steve.barlow

‎09-30-2002 06:46 AM

Thank you for your reply.

As I can see from your writting, each user should have one private key for each communication partner. Each of these keys "have" associated public keys.

So, the "public key" can be public not for public use (more than 1 user) but for one-one communication with the advantage of key exchange without security risks.

Thanks,

JPL

0 Helpful
Customers Also Viewed These Support Documents