Linux Security: Public Key and Symmetric Key Encryption
by Mark G. Sobell - Author's Homepage - Thursday, 17 April 2003.
This is an excerpt from "A Practical Guide to Red Hat Linux 8". An interview with the author is available here.

Public Key Encryption

In order to use public key encryption, you must generate two keys: a public key and a private key. You keep the private key for yourself and give the public key to the world. In a similar manner your friends will generate a pair of keys and give you their public keys. Public key encryption is marked by two distinct features.

1. When you encrypt data with someone's public key, only that person's private key can decrypt it.

2. When you encrypt data with your private key, anyone else can decrypt it with your public key.

You may wonder why the second point is useful at all: Why would you want everybody else to be able to decrypt something you just encrypted? The answer lies in the purpose of the encryption. Although encryption changes the original message into unreadable ciphertext, the purpose of this encryption is to provide a digital signature. If the message decrypts properly with your public key, only you could have encrypted it with your private key, proving that the message is authentic. Combining these two modes of operation yields privacy and authenticity. You can sign something with your private key so that it is verified as authentic, and then you can encrypt it with your friend's public key so that only your friend can decrypt it.

Public key encryption has three major shortcomings.

1. Public key encryption algorithms are generally much slower than symmetric key algorithms and usually require a much larger key size and a way to generate large prime numbers to use as components of the key, making them more resource intensive.

2. The private key must be stored securely and its integrity safeguarded. If a person's private key is obtained by another party, that party can encrypt, decrypt, and sign messages impersonating the original owner of the key. If the private key is lost or becomes corrupted, any messages previously encrypted with it are also lost, and a new keypair must be generated.

3. It is difficult to authenticate the origin of a key, that is, to prove who it originally came from. This is known as the key-distribution problem and is the raison d'etre for such companies as VeriSign.

Algorithms such as RSA, Diffie-Hellman, and El-Gamal implement public key encryption methodology. Today a 512-bit key is considered barely adequate for RSA encryption and offers marginal protection; 1,024-bit keys are expected to withhold determined attackers for several more years. Keys that are 2,048 bits long are now becoming commonplace and rated as espionage strength. A mathematical paper published in late 2001 and reexamined in the spring of 2002 describes how a machine can be built-for a very large sum of money-that could break 1,024-bit RSA encryption in seconds to minutes ( Although the cost of such a machine is beyond the reach of most individuals and smaller corporations, it is well within the reach of large corporations and governments.

Symmetric Key Encryption


Keeping passwords safe from cracking

A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Sun, May 24th