Two-way encryption

From Citizendium
Revision as of 19:00, 27 September 2023 by Pat Palmer (talk | contribs)
Jump to navigation Jump to search

Two-way encryption is used to obtain privacy when messaging back and forth between two end points. It is two-way because text messages are both encrypted and decrypted, as opposed to one-way encryption where the obscured message cannot be decrypted.

Two-way encryption is called private key when which both the sender and the receiver use the same key both to encrypt and decrypt, and no one else is given the key.

Two-way encryption is called public key when one key is used for encrypting and a different key is used for decrypting. This allows users on a computer network to send their encrypt key to strangers, who can then use it to send messages back to them. Public-key encryption is slower than private key encryption, and it cannot process large amounts of data, so it is used only to set up a private key channel between strangers across the internet.

Private-key encryption

Private key encryption requires only one key. That key can be used either to encrypt or decrypt a message. Both the sender and receiver must have the key, and third parties (potential intruders) must be prevented from obtaining the key. Private-key encryption may also be called symmetric, traditional, shared-secret, secret-key, or conventional encryption. This was the only kind of two-way encryption publicly known until 1976[1]. With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it.

One example of a private-key algorithm is DES (Data Encryption Standard). DES uses a 24-character string for a key. The DES key is treated as a pass phrase to derive a 192-bit byte array, which is the actual key. To implement the Triple-DES algorithm, for example, encryption occurs three times: first, the plain text is encrypted; then, the encrypted result is encrypted; and then, the intermediate encryption is encrypted. The output is a 192-bit encrypted string (known as 192-bit encryption). The more bits in the key, the longer it takes a brute-force search to find the key. A 192-bit key has 6.3 x 10 raised to the 57th degree possible keys. A brute-force search of all possible keys would likely take a long time.

One practical consideration for using private key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine. Simply storing the key unencrypted in a file or database is a poor strategy. Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger. A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file. But then, where should one store the key used to encrypt the private key? It becomes a recursive problem.

Public-key encryption

In public key encryption, a user has their computer produce two different keys: one key is the “public” key used only for encryption, and the other key is the "private" key used only for decryption. The public key can only be used to encrypt, and the user sends this public key to a stranger. The stranger uses the public key to encrypt messages and send them back to the user, who then uses the private key to decrypt the received message. Public key encrypion is also sometimes called asymmetric encryption.

Unlike private key encryption which assumes both sender and receiver already know the private key, public-key exchange allows you to securely issue a key to anyone so that person can then send you encrypted information. Only you can decrypt the information; an intruder with the public key cannot read the encrypted message.

The keys used in "public key" systems are quite different from the string keys used for "private key" systems. In "public key" systems, each key is a structure with eight fields. The private key has all the fields populated (six are used for decrypting, and two for encrypting). The public version is derived from the private key by copying only the two encrypt fields into a new key version and blanking out the six decrypt fields.

An example of a public-key encryption algorithm is RSA (which stands for Rivest, Shamir, and Adleman, its developers' last names). RSA can encrypt a message of only 116 bytes (58 unicode chars). The primary usage of public-key encryption is to securely pass a private key when first opening a channel across a network. The private key is then installed (hidden), and after this initial setup, all further communication is done by private key encryption, which does not have the same message size limitation as public key encryption (and is also faster).

Notes

  1. Cite error: Invalid <ref> tag; no text was provided for refs named dh2