How does SFTP establish a server’s and a client’s bona fides?


If a server proves its bona fides by presenting its public key, and its public key is public, what prevents a bad actor from getting the public key and pretending to be the original? Is the server’s public key tied to a particular IP address or domain so that the client should check that? Or is a third-party certificate required to prove the server’s bona fides? How about the client’s public key? What prevents a bad actor from pretending to be the owner of that public key?

In: Technology

6 Answers

Anonymous

Encryption is based on one-way processes. A simple example – say your public key is 299. I use the number 299 to encrypt something in a way that can only be decrypted with your private key – which I don’t know, but it is related to 299 (it is the factors – 23 and 13). To find the factors and break the code is hard – I need to divide 299 by every number less than its square root. But, having the private key, you can calculate the public key very quickly – it is a single multiplication. Now, in reality, the private key is a much larger product of two prime numbers – a number so big it would take years to find the factors.

So – I encrypt with the public key a code phrase, “where does it rain in Spain”. You get the message and decrypt it with the private key. You then use your private key to answer “mainly on the plain”. I get your answer and decrypt it with the public key – which anyone could do – but the fact that your public key works proves that you and only you could have answered me, and answering my specific code phrase proves you are who I intended to be talking to – the package was not intercepted and a fake answer entered into the stream. Then we repeat the process in reverse to prove who I am to you – and then we can start talking.

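As an added example (not part of the question or of this answer), a stdlib-only Python model of the challenge-response the answer describes, plus the part the question asks about: how the key gets bound to a particular server or user. The verifier sends a fresh random nonce, the other side signs it with its private key, and the verifier checks the signature against the presented public key. That alone only proves "whoever answered holds the private key for this public key"; the binding to a name comes from a pinned fingerprint. On the client side the pin store plays the role of OpenSSH's known_hosts (first contact is trusted and pinned, a changed key is refused afterwards); on the server side it plays the role of authorized_keys (a client key not already on file is refused). The toy RSA keys, the host and user names, and the Prover and ReplayImpostor classes are the example's own. Real SSH uses far larger keys and signs a hash of the key-exchange transcript rather than a bare nonce; the logic of the checks is the same.

```python
"""Toy SSH-style mutual authentication: signed nonce + pinned fingerprint.
Added example, not code from the original page."""
import hashlib
import math
import secrets

# Toy RSA keys built from Mersenne primes so the demo runs offline with the
# standard library only. A ~150-bit modulus is far too small for real use
# (OpenSSH defaults to 3072-bit RSA or Ed25519); it is only here so that the
# signatures in the demo cannot be forged by trial.
P, Q = (1 << 61) - 1, (1 << 89) - 1


def make_keypair(p=P, q=Q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


def fingerprint(public_key) -> str:
    """Short, stable identifier of a public key (what known_hosts pins)."""
    n, e = public_key
    return hashlib.sha256(f"{e}:{n}".encode()).hexdigest()


class Prover:
    """A party that owns a private key and answers challenges with it."""
    def __init__(self, keypair):
        self.public, self.private = keypair

    def respond(self, nonce: bytes):
        return self.public, sign(self.private, nonce)


class ReplayImpostor:
    """Knows only the public key and one (nonce, signature) it captured.
    It cannot sign a fresh nonce, so it replays the old signature."""
    def __init__(self, public, captured_sig):
        self.public, self.captured_sig = public, captured_sig

    def respond(self, nonce: bytes):
        return self.public, self.captured_sig


def authenticate(prover, name: str, pins: dict, tofu: bool) -> str:
    """Verifier side. `pins` maps a name to a pinned fingerprint: known_hosts
    when a client checks a server (tofu=True), authorized_keys when a server
    checks a user (tofu=False, the key must already be on file)."""
    nonce = secrets.token_bytes(32)            # fresh per attempt: no replay
    public, sig = prover.respond(nonce)
    if not verify(public, nonce, sig):
        return "rejected: signature does not match the presented key"
    fp, pinned = fingerprint(public), pins.get(name)
    if pinned is None:
        if not tofu:
            return f"rejected: no key on file for {name}"
        pins[name] = fp                        # trust on first use
        return f"accepted (first use): key pinned for {name}"
    if pinned != fp:
        return f"rejected: key for {name} has changed"
    return "accepted"


def demo() -> dict:
    server = Prover(make_keypair())
    client = Prover(make_keypair((1 << 107) - 1, (1 << 127) - 1))
    rogue = Prover(make_keypair((1 << 521) - 1, (1 << 607) - 1))
    known_hosts, authorized_keys, r = {}, {}, {}
    host = "sftp.example"                      # hypothetical host name
    # Host authentication as seen by the client.
    r["first_contact"] = authenticate(server, host, known_hosts, tofu=True)
    r["second_contact"] = authenticate(server, host, known_hosts, tofu=True)
    # Attacker holding only the public key plus one captured exchange.
    _, old_sig = server.respond(secrets.token_bytes(32))
    r["replay"] = authenticate(ReplayImpostor(server.public, old_sig),
                               host, known_hosts, tofu=True)
    # Attacker with a key of their own: valid signature, wrong fingerprint.
    r["changed_key"] = authenticate(rogue, host, known_hosts, tofu=True)
    # User authentication as seen by the server.
    r["unknown_user"] = authenticate(client, "alice", authorized_keys, tofu=False)
    authorized_keys["alice"] = fingerprint(client.public)
    r["known_user"] = authenticate(client, "alice", authorized_keys, tofu=False)
    return r


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:15s} {outcome}")
```

The weak spot this makes visible is the first contact: with an empty known_hosts the rogue server would be pinned just as readily as the real one, because nothing ties the key to the host name yet. That is why the fingerprint should be checked out of band on first use, or the server should present a host key signed by a certificate authority the client already trusts (OpenSSH supports such host certificates), which answers the question's "third-party certificate" alternative.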