Well, I can believe it. Very recently I had to explain it to an audience of engineers.
Responses have been enlightening, to say the least. The more educated the audience is, the more the details matter. Not obvious to you, the “smug IT expert”.
The scenery and the scenario
You start with good old Alice and Bob. Stop! You are explaining the concept wrongly.
There is no universe in which only two actors exist and exchange messages. You are assuming a lot of things are self-explanatory or “natural”, but your audience does not. You need to be extremely precise before the explanations start. An educated audience will simply stop you and the whole session might be lost, because you have not prepared well enough.
However weird or funny or strange it seems to you, stop and think about what was not explicitly explained and simply say:
Let’s assume there is a universe with only two actors remotely exchanging messages no one else can read but them.
But wait, why worry if there are only two of them in the entire universe? Because they are security aware. They know that at any moment a third rogue actor, aka the Bandit, can appear seemingly out of nowhere, intercept their remote happy communication and read their unprotected messages.
Suddenly you realize you have a scene set for one very believable remote communication scenario. A scenario that is readily applicable to our universe.
Bob and Alice are happily communicating as if there is nobody else in the entire universe but the two of them.
Suddenly everybody in the audience can identify with Alice or Bob. Happily chatting away, exchanging completely unencrypted emails (for example). Just like all of us.
The story
What was before that?
- Both Alice and Bob live in their houses, with post boxes in front of their houses. The house address is public and known. The same goes for the post box.
- All that information is a public key.
- Both Alice and Bob have little keys to their respective post boxes. Those keys we call private keys.
- The communication analogy is paper post. Letters.
- Alice sends a message (letter) to Bob by using his public key (address of Bob’s house with a mailbox in front of it)
- The next day (or more days) Bob walks to his postbox and opens it with his private key. Bob finds and reads Alice’s letter.
- The post office system is not 100% safe, secure and impenetrable: the third rogue actor, aka the Bandit, can read Alice’s letter to Bob in many ways before it arrives at Bob’s letterbox.
The safe Emailing
Now we need to map what we need to learn onto the scenario and scene we set up. Alice and Bob now both have laptops and email accounts. They are far away from each other and use laptops and email software to communicate. And importantly, we will not tell the story where Alice and Bob are exchanging messages safely from the start. There is no need for that. We can start with only Bob receiving safe messages.
- Using some mumbo-jumbo software (called RSA something) Bob has created two long very funny-looking strings of funny chars
- He was told (by RSA) which one is his public key and which one is his private key.
- Bob made sure to save these two strings in some file on his laptop and keep them safe indefinitely
- The public key is not-a-secret and he sends it to Alice in an open clear text email
- keep in mind the story of letters and letterboxes and what was named “keys”, above
- Now Alice is equipped by Bob to send him encrypted emails that Bob will be able to unlock with his private key and read
- How?
- Alice writes some text message and then uses Bob’s public key (which he sent previously) and that same mumbo-jumbo RSA software to turn that message into some gibberish text.
- That gibberish is text encrypted with Bob’s public key. To be sent specifically to Bob.
- The third actor aka the Bandit might be able to intercept that email, but Bandit will not be able to turn back that gibberish into Alice’s message to Bob.
- for that, he needs Bob’s private key. (the key to Bob’s letter box from the story above)
- The outcome: now Alice can send safely to Bob knowing that nobody but Bob will be able to read her messages in emails sent to him.
Recap
- Bob’s public key can be sent as-it-is to anyone agreeing to send encrypted texts to Bob
- Nobody can decrypt those gibberish text emails into messages but Bob using his private key
- To create public and private keys (long strings) Bob used RSA
- To encrypt messages for Bob into gibberish, senders use RSA and Bob’s public key.
- To decrypt all that gibberish from any sender Bob uses RSA and his private key string to turn them back into messages
- The Bandit can intercept emails with gibberish sent to Bob, but he cannot decrypt them and see the messages
- The Bandit needs Bob’s private key, but it was never sent to anyone. It stayed on Bob’s laptop.
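The whole story, run as code. This is an added example, not from the original post; it uses textbook RSA with two tiny constructed primes (61 and 53) so every number can be checked by hand, which shows the roles of the keys but is not how real RSA software pads or sizes keys.

```python
"""Toy RSA walk-through of the Alice / Bob / Bandit story (added example).

The primes are constructed, hand-checkable values; real RSA uses primes
hundreds of digits long and pads messages before encrypting.
"""
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Bob's 'mumbo-jumbo RSA software': returns (public_key, private_key).

    public_key  = (e, n) is what Bob emails to Alice in clear text.
    private_key = (d, n) never leaves Bob's laptop.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message: str, public_key) -> list:
    """Alice turns her text into 'gibberish' using only Bob's public key.

    Each byte is encrypted on its own because n is tiny in this toy.
    """
    e, n = public_key
    return [pow(b, e, n) for b in message.encode()]


def decrypt(ciphertext: list, key) -> list:
    """Apply a key to the gibberish; only the matching private key recovers the bytes."""
    k, n = key
    return [pow(c, k, n) for c in ciphertext]


def story(message: str = "Hi Bob"):
    """Runs the one-directional scenario from the post: Alice -> Bob."""
    bob_public, bob_private = make_keypair(61, 53)        # n = 3233
    # Bob emails bob_public to Alice; the Bandit may see it, that is fine.
    gibberish = encrypt(message, bob_public)
    # The Bandit intercepts the email but only holds the public key.
    bandit_view = decrypt(gibberish, bob_public)
    # Bob opens the letterbox with the private key that stayed on his laptop.
    bob_reads = bytes(decrypt(gibberish, bob_private)).decode()
    return gibberish, bandit_view, bob_reads


if __name__ == "__main__":
    gib, bandit, bob = story()
    print("gibberish Alice sends:", gib)
    print("what the Bandit recovers:", bandit)
    print("what Bob reads:", bob)
```

The Bandit's attempt is just the public exponent applied a second time, which is why it yields more gibberish rather than the letter.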
Now, using the same concept and RSA, Bob can send his messages safely to Alice. And to anyone else willing to use RSA. And that anyone else can send messages to anyone else in the same safe manner.
End of story. I think.