PRIVATE AND PUBLIC KEY help

Hi all, can anyone tell me the difference b/w private key and public key used in encryption alg.? For e.g., in the encryption file system of Windows 2000, private & public keys are made use of. Thanks, belur
[269 byte] By [swaroopba] at [2007-9-26 3:15:03]
# 1

In public key cryptography, keys come in pairs. Unlike symmetric key cryptography, where the same key is used to encrypt and decrypt the message, in public key cryptography, what one key encrypts, only the other can decrypt.

You distribute your public key to anyone who might be interested in communicating with you, and you keep your private key a secret. If somebody wants to send you an encrypted message, they encrypt it with your public key (which everybody knows). That message can only be decrypted with your private key (which only you know).

When you want to sign a message, you encrypt it with your private key. Anybody can then decrypt it, but that's okay, because here, the contents aren't a secret. By decrypting with your public key, it's verified that the message came from you (since the only messages your public key can decrypt are those that your private key encrypts), and that the message was not modified after you created it (since the mathematical properties of the keys are such that if you modified the message after encrypting, even one bit, it would decrypt to garbage).

You can sign and encrypt a message to Joe, by encrypting with your private key (signing) and then encrypting the result with Joe's public key (encrypting). The order doesn't matter functionally, but it may be that one is preferred over the other for security reasons. I can't recall.

Finally, it's worth noting that the keys themselves are large numbers generated by the encryption software. You don't actually "know" or remember your private key. It's stored in a file on your computer. When you're asked for a password for PGP or other public-key encryption software, that password is to decrypt your private key. Since the key itself sits in a file on your disk, it's vulnerable to somebody else seeing it and then either imitating you or reading your private messages. The private key, therefore, is itself encrypted with symmetric key cryptography, where the password that you provide is the key to encrypt/decrypt your private key.

jverd at 2007-6-29 11:25:58 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
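
The two uses of a key pair described in reply #1, as an added example that is not part of the original thread. It uses the standard `java.security` and `javax.crypto` APIs; the class name, the sample message, and the choice of RSA with OAEP and `SHA256withRSA` are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import javax.crypto.Cipher;

public class KeyPairDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample message, for illustration only.
        byte[] message = "meet at noon".getBytes(StandardCharsets.UTF_8);

        // One key pair: the public half is handed out, the private half is kept.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair yours = gen.generateKeyPair();

        // Confidentiality: a sender encrypts with your PUBLIC key ...
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, yours.getPublic());
        byte[] ciphertext = rsa.doFinal(message);

        // ... and only the holder of the PRIVATE key can recover the text.
        rsa.init(Cipher.DECRYPT_MODE, yours.getPrivate());
        String recovered = new String(rsa.doFinal(ciphertext), StandardCharsets.UTF_8);
        System.out.println("decrypted: " + recovered);

        // Authenticity: the signature is produced with the PRIVATE key.
        // SHA256withRSA hashes the message and signs the padded digest.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(yours.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();

        // Anyone holding the PUBLIC key can check it; one flipped bit fails.
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;
        System.out.println("original verifies: " + verify(yours.getPublic(), message, sig));
        System.out.println("tampered verifies: " + verify(yours.getPublic(), tampered, sig));
    }

    // Verification needs only the public key, the data and the signature.
    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(data);
        return verifier.verify(sig);
    }
}
```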
# 2
Hi, with your explanation I got a clear picture of the difference between PRIVATE AND PUBLIC KEY. What about if we generate keys from a fingerprint, how does it work? Anyone know how to generate keys from a fingerprint? Thanks, Ganesh
Ganesh553 at 2007-6-29 11:25:58
# 3

I don't think fingerprints are used to encrypt or decrypt.

Fingerprints come to use when you're using certificates...

That is, when you give another host a certificate, that host verifies the authenticity of the certificate by verifying the fingerprint with the issuer (the one who signed the certificate, which might be you if it is a self-signed certificate). This might be done over the phone, mail etc....

hope this helps ya

--jubs-- at 2007-6-29 11:25:58
# 4
Can you explain a little bit more about that... certificates etc.? Ganesh
ganp at 2007-6-29 11:25:58