Feasibly Disruptive™
Feasibly Disruptive™
Architecture. A formal description of the system Compliance, GDPR, Security Software and IT systems

Can you believe it, yet another post on Asymetric Keys?

Well, I do believe it. Very recently I had to explain the concept to an audience of (non-software) engineers.

Responses have been enlightening to say at least.  The more educated the audience is that much more analogies matter.  And here we are, the story begins with a very important key analogy. And here it is:

Corrigan Studio Kaden Letter Box with Newspaper Holder | Wayfair.co.uk
Post Box

 

The scenario

It is simple. The story has to be plausible. Here is a scenario I developeth and useth.

  • Both Alice and Bob live in houses with post boxes in front of them. Every house address is public and known, and the same goes for the post box.
    • And all that information is a single public key!
  • Next. Both Alice and Bob have little keys (hanging around their little necks ) to their respective post boxes. Those keys we call private keys!
  • Communication protocol analogy is a paper post. Aka Letters.
    • Alice sends a message (letter) to Bob  by using his public key (as explained above that is the address of Bob’s house with a mailbox in front of it)
    • The next day Bob walks to his postbox and opens it with his private key. Bob finds and reads Alice’s letter.
  • The post office protocol is not 100% completely safe, secure, and unpenetrable, the third rogue actor aka the Bandit, can read Alices’ letter to Bob in many ingenious ways before they arrive at Bob’s letterbox.
  • Ditto: Alice and Bob, have a communication problem

The safe Emailing

Now we need to map what we need to learn onto the next scenario and scene we shall set up. Alice and  Bob now both have laptops and email accounts. They are far away from each other and they use laptops and email software to communicate. And importantly we will not complicate the story where we might assume Alice and Bob exchange messages safely from the start. There is no need for both using the solution for safe communication. We can start with only Bob receiving safe messages. So. Not Alice and Bob, just Bob. Get it?

Ok then here is the safe protocol.

  • Using some mumbo-jumbo software (called RSA something) Bob has created two very long very funny-looking strings made of funny chars
    • He was told (by RSA software)  which one is his public key and which one is his private key.
      • Then Bob made sure he would save and keep safe indefinitely these two strings in some file on his laptop
        • not losing the info which is public and which is private
    • Bob is told, the public key is not a secret and he sends it to Alice in an open clear text email
      • keep in mind the story of letters and letterboxes and what was named “keys”, on the top above
  • Now Alice is told she is equipped by Bob to send him encrypted emails that Bob will be able to unlock with his private key and read
    • How?
      • Alice creates some text messages and then uses Bob’s public key (he sent previously) and that same mumbo-jumbo RSA software to turn that message into some gibberish text.
      • That gibberish is text encrypted with Bob’s public key.
        • Stop and recap what you know
          • Bob’s public key is public knowledge.
          • Bob’s letter box from above, also for everyone to see in front of Bob’s House
        • Bob’s public key is to be used for messages to be sent only to Bob.
          • Through the use of that RSA mumbo-jumbo software
        • No stop again and see this picture
        • The third actor aka the Bandit might be able to intercept that email, but Bandit will not be able to turn back that gibberish into Alice’s message to Bob.
          • that is because Alices encrypted the message by using Bob’s public key and that mumbo-jumbo RSA software
        • to transform intercepted gibberish into Alice’s message, Bandit needs Bob’s private key.
        • (the key to Bob’s letter box from the story above)
          • hence the “Asymmetric” name, sometimes used for this scheme:
            • The public key is for encryption and the private key is for decryption.
  • The outcome: now Alice can send safely to Bob knowing that nobody but Bob will be able to read her messages
  • Recap
    • Bob’s public key can be sent as-it-is to anyone needing to  send encrypted texts to Bob
    • Nobody can decrypt those gibberish text emails into messages but Bob using his private key
      • the private key is for the description
    • To create public and private keys (long strings) Bob used RSA mumbo jumbo software
    • To encrypt messages for Bob, into gibberish senders use RSA and Bob’s public key.
    • To decrypt all that gibberish  from any sender Bob uses RSA and his private key string to turn them back into clear text messages
    • The Bandit can intercept emails with gibberish sent to Bob, but he can not decrypt them and see the message’s text
      • The Bandit needs Bob’s private key, but it was never sent to anyone. It stayed all the time on Bob’s laptop.

Now, using the same concept and RSA, Bob can send his messages safely to Alice, using Alice’s public key she created using RSA and sent to Bob. And to anyone else willing to use RSA generated public key to encrypt safe messages to Alice. And that anyone else can send messages to anyone else in the same safe manner.

Here is a sequence showing Bob sending a safe email to Alice. Before this diagram, Bob and Alice exchanged public keys. Here is Bob sending.

 

Before this sequence, both Bob and Alice have created public and private keys. Private keys never leave their possession. Public keys they have sent to each other.
Before this sequence, both Bob and Alice have created public and private keys. Private keys never leave their possession. Public keys they have sent to each other.

End of story. Applicable to our universe. I think.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.