The Secrets of Public-Key Encryption


March 25th, 2014 by Christopher C. Wright


In an increasingly dangerous and insecure internet age, is it possible to send messages or files securely any more? Luckily, cryptography and encryption have come a long way since the idea’s start in almost 1900 BCE. While almost all codes developed before the 1990s are trivially easy to decrypt with modern computers, one encryption method has remained almost completely unassailable against all attackers. Enter the idea of “public-key cryptography.”

What is Public-Key?

In the simplest terms, imagine that you can create an infinite number of locks that are all opened by only one key, yours. You can send these locks to friends, family, business acquaintances, anyone who might want to send you something without worrying that others can read the message. They box up their message, lock it with your lock, and yours is the only key in existence that can open, and thus read, the message. Likewise if someone wanted you to be able to write securely to them they would send you their locks with which to secure the information, knowing that only they could open it.

Older or more basic types of encryption are called symmetric, in that both parties need the same passkey or cipher mechanism, which somehow has to be shared ahead of time. If anyone got their hands on it, all your messages could be decrypted, as happened when the Allies recovered an Enigma machine from the Axis and discovered how it worked. With public-key or asymmetric encryption you don’t share your private passkey with anyone, making it far less likely to be compromised. Messages are encrypted with a public key, which you give out freely, and only your private key can unlock them.

How does it Work?

Generating a key pair is very simple; almost all Linux distributions come with the free GNU Privacy Guard software, which has also been ported to Windows and Mac. In addition, there are other options such as Symantec PGP, a paid product that offers the same protection for Windows.

When you run the software, an impossibly complex mathematical equation is combined with random, non-identifying entropy data from your computer to make two very long series of letters and numbers. One will be your “private” key, used to decrypt any message sent to you, which you should keep very secret; the other is your “public” key, used to write messages to you, which should be shared liberally.

While the two keys are linked mathematically, it is all but impossible, even with modern computers, to decrypt a message without the right private key. Someone encrypting a message with your public key can rest assured that only you can read it.

How do I get Someone’s Public Key?

The largest vulnerability of the public key system is ensuring that you are talking to the person you think you are. Much as an email’s headers can be forged so that it appears to come from anyone, a public key you find by searching the internet may not belong to the right individual. Just like using Google to get a business’s phone number, you may actually get someone whose name is similar, or someone with sinister intentions who put a great deal of time into making sure their (false) key comes up first in searches.

The easiest way to ensure that you receive the right key is to contact the person through another medium, such as over the phone, and ask them to send you their key and verify that they received yours. Just as with communication over the internet, the better you know someone offline, the more likely you can trust them online.
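
One way to carry out that check with GnuPG is to compare the fingerprint your contact reads out over the phone with the fingerprint of the key file you received, before importing it. The script below is an added example, not part of the original article; the function names, the use of fingerprints for the comparison, and GnuPG 2.2 or later (for `--show-keys`) are assumptions.

```shell
#!/bin/sh
# Added example: import a received public key only if its fingerprint matches
# the one obtained through another medium (e.g. read out over the phone).

# Remove spaces/colons and upper-case the hex digits, so that
# "ab12 cd34 ..." and "AB12CD34..." compare as equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only if the expected value is a full fingerprint (40+ hex digits)
# and equals the actual one. Short key IDs are rejected on purpose: they are
# not unique enough to identify a key.
fpr_matches() {
    _actual=$(normalize_fpr "$1")
    _expected=$(normalize_fpr "$2")
    case "$_expected" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#_expected}" -ge 40 ] || return 1
    [ "$_actual" = "$_expected" ]
}

# Inspect the key file without touching the keyring, then import on a match.
import_if_verified() {
    _keyfile=$1
    _spoken=$2
    _found=$(gpg --show-keys --with-colons "$_keyfile" | primary_fpr)
    if fpr_matches "$_found" "$_spoken"; then
        gpg --import "$_keyfile"
    else
        echo "fingerprint mismatch: refusing to import $_keyfile" >&2
        return 1
    fi
}

# Usage: sh verify-key.sh friend.asc "AAAA BBBB ... (fingerprint from the call)"
if [ "$#" -eq 2 ]; then
    import_if_verified "$1" "$2"
fi
```
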

Simplifying Use

Almost all modern email clients such as Thunderbird, Outlook and many others have add-ons or plugins available to make the process of encrypting, decrypting, and signing messages as easy as a click of the mouse. While similar plugins exist for webmail services, we at MSMB Networks would never recommend you give your private key to anyone, no matter how much you trust them, particularly a third-party web host.

Try it Out!

Encryption is an important and powerful tool for keeping your communication private and safe from those who would want to eavesdrop. Just like your banking website securing your web traffic when you check your balance, encrypting your email can make sure those who shouldn’t be looking at your communication aren’t able to. At the bottom of this message I’ll be attaching my public key — try sending me a message encrypted with either GPG or PGP, and see how easy it is!

Christopher’s Public Key





Christopher C. Wright is the CTO of MSMB Networks, focusing on network and system administration, upgrade planning, disaster recovery, and IT budget analysis in Petaluma and all over Sonoma and Marin Counties. With more than fifteen years of hands-on experience, he is committed to educating and protecting his clients, ensuring they receive the best individualized support possible. Email him at christopher@msmbnetworks.com
