Can you believe it, yet another post on Asymetric Keys?

Well, I can believe it. Very recently I had to explain it to an audience of engineers.

Responses have been enlightening to say at least.  The more educated the audience is the more clear-cut details matter. Perhaps not obvious to us the “smug IT experts”. And here we are, the key analogy:

The scenery

You start the lecture, with good old Alice and Bob. Stop! You are explaining the concept wrongly.

There is no (in the present universe), situation where there are only two actors doing it.  You are assuming a lot of things are self-explanatory or “natural”, but your engineering audience does definitely not.  You need to be extremely precise before explanations start. A highly educated audience will simply stop you and the whole session might be lost. Because you have not prepared well enough.

However weird or funny or strange or whatever it seems to you stop and think about what was not explicitly explained and “simply” say:

Let’s assume there is a universe with only two actors remotely exchaning messages no one else can read but them.

Wrong again. Why worry about the secret messaging if there are only two of them in the entire universe?  My answer: Because they are security aware.  They know, that at any moment in time, a third rogue actor aka Bandit (from the adjacent universe), can appear seemingly out of nowhere and intercept their remote happy communication and read them unprotected messages. And that was the real-life lecture, I kid you not.

Fortunately, by then you will realize you can set the scene for one very believable remote communication scenario. A scenario that is readily applicable to our universe too.

Bob and Alice are happily communicating as if there is no body else in the entire universe but the two of them

Suddenly everybody in the audience can (and want to) identify with Alice or Bob. Happily chatting away, exchanging completely unencrypted emails (for example). Just like all of us or all of them do, all day every day.

The scenario

The story has to be plausible. For example. What was before that? Here is a scenario I useth.

• Both Alice and Bob liveth in their houses, with post boxes in front of their houses. The House address is public and known. This same goes for the post box.
  • All that information is a public key.
• Both Alice and Bob have little keys to their respective post boxes. Those keys we call private keys.
• Communication analogy is a paper post. Letters.
  • Alice sends a message (letter) to Bob  by using his public key (the address of Bob’s house with a mailbox in front of it)
  • The next day (or 1..N days) Bob walks to his postbox and opens it with his private key. Bob finds and reads Alice’s letter.
• The post office system is not 100% completely safe, secure, and unpenetrable, the third rogue actor aka the Bandit, can read Alices’ letter to Bob in many ways before they arrive at Bob’s letterbox.

The safe Emailing

Now we need to map what we need to learn onto the scenario and scene we set up. Alice and  Bob now both have laptops and email accounts. They are far away from each other and use laptops and email software to communicate. And importantly we will not tell the story where Alice and Bob are exchanging messages safely from the start. There is no need for that. We can start with only Bob receiving safe messages. Not Alice and Bob, just Bob.

• Using some mumbo-jumbo software (called RSA something) Bob has created two very long very funny-looking strings made of funny chars
  • He was told (by RSA)  which one is his public key and which one is his private key.
    • Bob made sure he will save and keep safe indefinitely these two strings in some file on his laptop
      • not losing the info which is public and which is private
  • The public key is not-a-secret and he sends it to Alice in an open clear text email
    • keep in mind the story of letters and letterboxes and what was named “keys”, above
• Now Alice is equipped by Bob to send him encrypted emails that Bob will be able to unlock with his private key and read
  • How?
    • Alice creates some text messages and then uses Bob’s public key (he sent previously) and that same mumbo-jumbo RSA software to turn that message into some gibberish text.
    • That gibberish is text encrypted with Bob’s public key.
      • This is Bob’s public key.
        • That is Bob’s letter box from above
      • To be used for messages to be sent only to Bob.
    • The third actor aka the Bandit might be able to intercept that email, but Bandit will not be able to turn back that gibberish into Alice’s message to Bob.
      • for that, he needs Bob’s private key. (the key to Bob’s letter box from the story above)
        • hence the “Asymmetric” name, sometimes used for this scheme: public for encryption private for decryption.
• The outcome: now Alice can send safely to Bob knowing that nobody but Bob will be able to read her messages in emails sent to him.
• Recap
  • Bob’s public key can be sent as-it-is to anyone agreeing to  send encrypted texts to Bob
  • Nobody can decrypt those gibberish text emails into messages but Bob using his private key
  • To create public and private keys (long strings) Bob used RSA
  • To encrypt messages for Bob, into gibberish senders use RSA and Bob’s public key.
  • To decrypt all that gibberish  from any sender Bob uses RSA and his private key string to turn them back into clear text messages
  • The Bandit can intercept emails with gibberish sent to Bob, but he can not decrypt them and see the message’s text
    • The Bandit needs Bob’s private key, but it was never sent to anyone. It stayed on Bob’s laptop.

Now, using the same concept and RSA, Bob can send his messages safely to Alice, using Alice’s public key she created using RSA and sent to Bob. And to anyone else willing to use RSA generated public key to encrypt safe messages to Alice. And that anyone else can send messages to anyone else in the same safe manner.

Here is a sequence showing Bob sending a safe email to Alice.

End of story. Applicable to our universe. I think.