Questions tagged [public-key]

33 questions
20 votes, 3 answers

Not understanding why I should use public/private key encryption over password?

My knowledge about these topics is very elementary, please "school me" if I said something completely wrong, it would surely help me understand these things better. Now, to my issue. Now that I have a laptop and didn't encrypt the entire disk during…
10 votes, 3 answers

What happens when I encrypt something with my RSA Public Key?

I know encrypting something with my private key is used for signing. To prove that the message is indeed coming from me. But what about if I sign something with my public key? That would mean that only I could decrypt it with my private key. Suppose…
5 votes, 4 answers

Using Public Key Cryptography for improving 2FA?

When using 2-factor-authentication using plain TOTP, the secret is stored on both the client and the server. This in turn means that anyone with access to the database (and a key for it) knows the 2fa-secret of all the users. Why is this…
Gamer2015
3 votes, 2 answers

How can I prove the content of a PGP-encrypted message to a third party?

Imagine this scenario: A StackExchange user sends you a PGP-encrypted message. You decrypt the message and discover that you are being blackmailed. You report the message to the admins but they are unable to view the content. In this situation, is…
SWList
2 votes, 2 answers

How can I verify the hash of the plain text without being able to decrypt the cipher text?

I am building an E2EE chat app where there is one asymmetric key pair per group. Each user also has one asymmetric key pair. All messages in a group chat are encrypted with the group public key and decrypted with the group private key. When Alice is…
1 vote, 0 answers

In RSA, is e and d technically equivalent?

In the process of finding RSA key pairs, we first find a e that is relatively prime to φ(n) (where n = p × q), and then find d such that e × d mod φ(n) = 1. Is d also relatively prime to φ(n), or not necessarily? In practice, e is usually chosen to…
SamTest
1 vote, 2 answers

Best and safest way to store secret key used for PKA on server?

I interact with some APIs that use PKA and I'm looking for the safest / best-practice way to store my secret key. The approaches I know are for example: Create a 0500 access directory on my server. Within that directory, store the file containing…
1 vote, 1 answer

Standard for public-key authentication (separate from channel encryption)

Because of all the problems associated with "roll-your-own cryptography", I am looking for an existing standard for standalone authentication using asymmetric keys. Scenario/threat model: Machine-to-machine connections between services. During a…
Ben Voigt
1 vote, 0 answers

Why is it not a good idea to simply encrypt the plaintext with the receiver’s public key?

What are some of the risks when encrypting "plaintext" with a receiver's public key? I have been Googling for hours, and been reading in the Computer Security Principles and Practice 3rd edition. It's NOT similar: In PGP, why not just encrypt…
John Smith
1 vote, 2 answers

What are possible implications of ignoring the ssh host key warning?

With password authentication you're basically giving your password to the attacker. At least that is my understanding. What about public key authentication? I hear that a private key never leaves your side, and that it's not possible to perform a…
x-yuri
1 vote, 1 answer

How vulnerable is security if a public key is swapped by active attacker if a key check is done?

Trying to understand this from a high level conceptually. It is obvious from all information on Asymmetric encryption that a public key can be of course, public and there isn't a danger of interception. So I'm faced with a point in my software of a…
RobbB
1 vote, 1 answer

Why does Lightsail require the server's private key to connect via SFTP?

I am still learning about SSH, SFTP and private/public keys. My elementary understanding of keys is that the private key should remain on the machine it was generated on and never be shared. I have a Lightsail instance that I would like to allow…
kmgardner
1 vote, 1 answer

converting just a public key from PEM to DER using openssl

There are plenty of instructions for converting PEM certificates to DER which also pop up when looking for ways to convert public keys. These are among the options offered: openssl x509 -in cert.pem -out cert.der openssl rsa -in cert.pem -out…
Banyoghurt
1 vote, 2 answers

Deriving digital signature key pair deterministically from an arbitrary secret

Is there a scheme that let people derive public/private key pair from arbitrary secrets? As you may know, digital signature schemes have versatile use cases. The problem is, the key pair handling is too difficult for end-users. On the other hand,…
1 vote, 1 answer

How securely should one treat their primary public key?

First of all, is my understanding correct that primary keys and subkeys are all key pairs consisting of a private and a public key? I get the rationale behind using primary keys and subkeys, and why one should keep the private primary key (or…
toraritte