5

Asymmetric encryption diagram - from apple document

Above picture is captured from iOS Security overview at page 25. The path encrypt with public and decrypt with private makes sense. But the other path, encrypt with private and decrypt with public to recreate plain text is something i am not able to understand. If it is just for integrity check, then that should be fine since we will be only worried about tampering. But if the secrecy of the text should be maintained, shouldn't this pose a problem when decrypt with public key?

Can someone help me understand how this path is still secured?

Saran
  • 153
  • 4
  • 1
    the second path seems more like signing in which the encryption / chipher does not create secrecy but make sure that the author is indeed the holder of the private key – humanityANDpeace Oct 11 '14 at 19:15

2 Answers2

7

This is the path used when proving the encrypted data hasn't been tempered with, commonly known as a digital signature[1].

The part the diagram leaves out is that the commonly accepted technique for digital signatures is to use a hash function, like SHA-256, to represent the data, then sign the hash. It reduces the amount of data being transmitted and reduces the amount of data available to an attacker to reverse engineer the private key.

Also, as a nit, the encrypted data would not be the same in the two paths as shown in the diagram. So it's good not to take simplifications too literally.

[1] http://en.wikipedia.org/wiki/Public-key_cryptography#Inverse_Public_Key_Encryption

kronenpj
  • 216
  • 1
  • 2
  • Can i say the path in question can help ensuring integrity, but not secrecy. For secrecy, best way is to encrypt with public and decrypt with private? If yes, for two way secrecy what would be the best approach. – Saran Oct 12 '14 at 07:19
  • Correct. When you sign something, the only thing you're keeping secret (confidentiality) is the hash result. To keep data confidential it needs to be encrypted. I'm not sure what 2-way secrecy is, but if it's confidentiality when both sides transmit, both will need to encrypt data. This is often why a symmetric "session" key is transferred using public & private keys, then the bulk data encryption uses a symmetric algorithm like AES. – kronenpj Oct 14 '14 at 15:55
1

Using a private key to encrypt a message that will be decrypted by a public key is a mechanism used, not to ensure privacy, but to ensure non-repudiation, authentication and integrity. These 3 elements form what is commonly known as a digital signature. Of course, you have to know that this process does not disclose your private key.