Let's say that a secret document should be sent to a person, the recipient. In order to decrypt a message, a private key is required. Anyhow, the recipient must own the private key to encrypt the document sent. It wouldn't make sense to send the private key to the recipient, because it could be vulnerable. So, the recipient does not have the chance to decrypt the document sent by the sender.


What is the meaning of it all and is there a way to avoid this security issue? For a better understanding, please explain it figuratively.
Comments
Sergey Alexandrovich Kryukov 22-Sep-11 16:15pm    
Really?! Sometimes all you need is: think again.
--SA

1 solution

The private key is never sent; it would defeat the purpose of public-key security. You can exchange information with anyone even if someone spies on your connection all the time. You send the public key to your partner. The public key is used to encrypt and cannot decrypt, you keep your private key which can decrypt but not encrypt. So, you can only receive a secret message from the partner. Apparently, to send a message, you need to receive a public key from the partner, not send a private one.

You need to invert your thinking to get it.

Still not clear? Find a detailed explanation here: http://en.wikipedia.org/wiki/Public-key_cryptography.

Just track what Alice and Bob do.

—SA
 
Comments
bluemanmoon 22-Sep-11 16:50pm    
>> You send public key to your partner. The public key is used to encrypt and cannot decrypt, you keep your private key which can decrypt but not encrypt.

In short words, the public key is used for encryption and without knowing the private key, there isn't a security issue. The private key is used for decryption. Because of that, the private key must be kept in a secure place so that nobody (except me) gets the key. That's the same as I said.

In my understanding, it is not possible to decrypt a message without having the private key. In order to decrypt a message, a private key is required. I sent my encrypted document to the recipient. The recipient gets the documents. How can he or she read the document? There is no possibility.

How can I get an answer from the recipient?


>> You need to invert your thinking to get it.

That could be certainly my problem. ;)
Sergey Alexandrovich Kryukov 22-Sep-11 17:16pm    
Read the article, you will understand everything!
Didn't you understand this: four (4) keys are involved:

1+2) your public and your private for (partner -> you) communication;
3+4) partner's public and partner's private for (you -> partner) communication.

The owner of 2 keys only receives;
The receiver of 1 public key only sends.

All is based on: "here is my public key for you to send data, only I will know how to decrypt it".

Come on, just think a bit. This is very simple, but one needs to create an extra brain convolution in the brain :-)

--SA
Sergey Alexandrovich Kryukov 22-Sep-11 18:27pm    
>I sent my encrypted document to the recipient. The recipient gets the documents. How he or she can read the document? There is no possibility.

This is all wrong. You made a subtle logical mistake. You never send the document at first.

1) Instead of the document, you send a message: "Create and send me a public key for me to encrypt some document and send it to you".

2) The future recipient creates two keys, stores the private one ***and never gives it to anyone*** and sends you a public key.

3) You receive a public key, use it to encrypt a document. There is only one person in the world who can decrypt it, and this is not you; you can only encrypt it, can never decrypt it back.

4) You send the document to the only person who could decrypt it -- your recipient. All the spies grind their teeth.

5) Your recipient gets the private key and decrypts it.

Voila! Private key was never sent anywhere. And you could see this by yourself after you learned about roles of keys.

By the way, this schema is protected against decryption of the document, but not against sending a false document to the recipient. Someone else could impersonate you and do the same (because e-mails can be easily forged). Now, all goes the same way, only the recipient thinks it's you, but it is someone else. How to get protected from such a thing? -- A home exercise for you. :-)

--SA
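
The five steps and the four keys described in the comments above, run in both directions, as an added example that is not part of the original thread. It is textbook RSA with small fixed Mersenne primes and no padding, using only the Python standard library, so it shows the key roles and is not a usable cipher; the function names and sample messages are assumptions made for the illustration.

```python
# Added illustration: textbook RSA, tiny fixed primes, no padding.
# Shows which key does what; NOT a usable cipher.
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))

def encrypt(public_key, message):
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext):
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def two_way_exchange():
    # Steps 1-2: each side creates a pair and publishes only the public half.
    you_pub, you_priv = make_keypair(2**61 - 1, 2**89 - 1)            # keys 1+2
    partner_pub, partner_priv = make_keypair(2**107 - 1, 2**127 - 1)  # keys 3+4
    wire = [you_pub, partner_pub]       # everything a spy on the line sees
    # Steps 3-4: you -> partner is encrypted with the PARTNER's public key.
    c1 = encrypt(partner_pub, b"the document")
    wire.append(c1)
    # Step 5: the partner decrypts with a private key that never left them.
    received = decrypt(partner_priv, c1)
    # The answer, partner -> you, is encrypted with YOUR public key.
    c2 = encrypt(you_pub, b"received, thanks")
    wire.append(c2)
    reply = decrypt(you_priv, c2)
    # A spy holding only the public key cannot undo the encryption with it.
    spy_attempt = decrypt(partner_pub, c1)
    private_key_on_wire = you_priv in wire or partner_priv in wire
    return received, reply, spy_attempt, private_key_on_wire

if __name__ == "__main__":
    print(two_way_exchange())
```
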
bluemanmoon 25-Sep-11 10:18am    
Very detailed and excellent explanation! Thanks!
bluemanmoon 22-Sep-11 18:17pm    
So, only the person (let's say A) who owns the private key can read messages sent by another person (B). However, person A cannot send messages to person B, because person B hasn't the private key to decrypt the message (wouldn't make sense). Person B will never get the private key, because it would be a security issue. To put it in a nutshell, communication doesn't work vice versa, only just this way. Person B speaks to A and he'll never get an answer.

Person B speaks to person A. Person A deciphers the text. Okay. Person A cannot answer – for example, a question from person B – to person B.

Is this rule breakable, so that person B could read the message from person A without running into risks (sharing the private key)?

Regarding to brain: I already read the article from Wikipedia, so I'm not a lazy one. I wouldn't ask if it were easy for me. Sorry.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


