Can you believe it, yet another post on Asymetric Keys?

Well, I do believe it. Very recently I had to explain the concept to an audience of (non-software) engineers.

Responses have been enlightening to say at least.  The more educated the audience is that much more details matter. To be explained very clearly. That is perhaps not obvious to us the “smug IT experts”. And here we are, the story begins with a very important key analogy. And here it is:

Corrigan Studio Kaden Letter Box with Newspaper Holder | Wayfair.co.uk

The scenery

You start the lecture, with good old Alice and Bob, examples from the primordial soup of lectures. Stop! You are misdescribing the concept.

There is no (in the present universe), situation where only two actors are doing it.  You are assuming a lot of things are self-explanatory or “natural”, but your engineering audience is definitely not taking anything as “self-explanatory”.  You need to be extremely precise before explanations start, to an audience of engineers. A highly educated audience will stop you and the whole session might be lost. Because you have not prepared well enough.

However weird or funny or strange or whatever this seems to you, stop and think about what was not explicitly explained and “simply” say instead:

Let’s assume there is a universe with only two actors remotely exchaning messages (no one else can read but them).

Wrong again. Why worry about the secret messaging if there are only two of them in the entire universe?  My answer: Because they are security aware.  They know, that at any moment in time, a third rogue actor aka Bandit (from the adjacent universe), can appear seemingly out of nowhere and intercept their remote happy communication and read them unprotected messages. And that was the real-life lecture example, I kid you not.

Fortunately, by then you will realize you can set the scene for one very believable remote communication scenario. A scenario that is readily applicable to our universe too. Here is the getaway card sentence:

Bob and Alice are happily communicating as if there is no body else in the entire universe but the two of them

Suddenly everybody in the engineering audience can (and wants to) identify with Alice or Bob. Happily chatting away, exchanging completely unencrypted emails (for example). Just like all of us or all of them do, all day every day.

The scenario

It is simple. The story has to be plausible. For example. What was before that, in that universe? Here is a scenario I developeth and useth.

  • Both Alice and Bob liveth in their houses, with post boxes in front of their houses.  And every house address is public and known. This same goes for the post box.
    • And all that information is a single public key.
  • Next. Both Alice and Bob have little keys (hanging around their little necks ) to their respective post boxes. Those keys we call private keys.
  • Communication protocol analogy is a paper post. Letters.
    • Alice sends a message (letter) to Bob  by using his public key (as explained above that is the address of Bob’s house with a mailbox in front of it)
    • The next day (or after 1..N days … sigh) Bob walks to his postbox and opens it with his private key. Bob finds and reads Alice’s letter.
  • The post office protocol is not 100% completely safe, secure, and unpenetrable, the third rogue actor aka the Bandit, can read Alices’ letter to Bob in many ingenious ways before they arrive at Bob’s letterbox.
  • Ditto: Alice and Bob, have a communication problem

The safe Emailing

Now we need to map what we need to learn onto the next scenario and scene we shall set up. Alice and  Bob now both have laptops and email accounts. They are far away from each other and they use laptops and email software to communicate. And importantly we will not complicate the story where we might assume Alice and Bob exchange messages safely from the start. There is no need for both using the solution for safe communication. We can start with only Bob receiving safe messages. So. Not Alice and Bob, just Bob. Get it?

Ok then here is the safe protocol.

  • Using some mumbo-jumbo software (called RSA something) Bob has created two very long very funny-looking strings made of funny chars
    • He was told (by RSA software)  which one is his public key and which one is his private key.
      • Then Bob made sure he would save and keep safe indefinitely these two strings in some file on his laptop
        • not losing the info which is public and which is private
    • Bob is told, the public key is not a secret and he sends it to Alice in an open clear text email
      • keep in mind the story of letters and letterboxes and what was named “keys”, on the top above
  • Now Alice is told she is equipped by Bob to send him encrypted emails that Bob will be able to unlock with his private key and read
    • How?
      • Alice creates some text messages and then uses Bob’s public key (he sent previously) and that same mumbo-jumbo RSA software to turn that message into some gibberish text.
      • That gibberish is text encrypted with Bob’s public key.
        • Stop and recap what you know
          • Bob’s public key is public knowledge.
          • Bob’s letter box from above, also for everyone to see in front of Bob’s House
        • Bob’s public key is to be used for messages to be sent only to Bob.
          • Through the use of that RSA mumbo-jumbo software
        • No stop again and see this picture
        • The third actor aka the Bandit might be able to intercept that email, but Bandit will not be able to turn back that gibberish into Alice’s message to Bob.
          • that is because Alices encrypted the message by using Bob’s public key and that mumbo-jumbo RSA software
        • to transform intercepted gibberish into Alice’s message, Bandit needs Bob’s private key.
        • (the key to Bob’s letter box from the story above)
          • hence the “Asymmetric” name, sometimes used for this scheme:
            • The public key is for encryption and the private key is for decryption.
  • The outcome: now Alice can send safely to Bob knowing that nobody but Bob will be able to read her messages
  • Recap
    • Bob’s public key can be sent as-it-is to anyone needing to  send encrypted texts to Bob
    • Nobody can decrypt those gibberish text emails into messages but Bob using his private key
      • the private key is for the description
    • To create public and private keys (long strings) Bob used RSA mumbo jumbo software
    • To encrypt messages for Bob, into gibberish senders use RSA and Bob’s public key.
    • To decrypt all that gibberish  from any sender Bob uses RSA and his private key string to turn them back into clear text messages
    • The Bandit can intercept emails with gibberish sent to Bob, but he can not decrypt them and see the message’s text
      • The Bandit needs Bob’s private key, but it was never sent to anyone. It stayed all the time on Bob’s laptop.

Now, using the same concept and RSA, Bob can send his messages safely to Alice, using Alice’s public key she created using RSA and sent to Bob. And to anyone else willing to use RSA generated public key to encrypt safe messages to Alice. And that anyone else can send messages to anyone else in the same safe manner.

Here is a sequence showing Bob sending a safe email to Alice. Before this diagram, Bob and Alice exchanged public keys. Here is Bob sending.

 

Before this sequence, both Bob and Alice have created public and private keys. Private keys never leave their possession. Public keys they have sent to each other.
Before this sequence, both Bob and Alice have created public and private keys. Private keys never leave their possession. Public keys they have sent to each other.

End of story. Applicable to our universe. I think.