Understanding encryption Keys


I'm really embarrassed to ask this question, but it's the fact that I don't know anything about encryption. I always avoided it. I don't understand the concept of encryption keys (public key, private key, RSA key, DSA key, PGP key, SSH key & what not).

I did encounter these on a regular basis but, as I said, I always avoided them. Here are a few instances where I encountered them:

Creating Account:

A public RSA or DSA key will be needed for an account. Send the key along with your desired account name to admin@organization.org

I really don't know what RSA/DSA are or how to get their keys. Do I need to register somewhere for that?

Mailing:

I'm unable to recall exactly, but I've seen some mails have attachments like a signature, or the mail footer will have something called a PGP signature, etc. I really don't get its concept.

GIT Version control:

I created an account on assembla.com (for a private GIT repo) and it asked me to enter "SSH keys" in my profile. Where am I going to get these? Why do I need them? Isn't SSH related to remote login (like remote desktop or telnet)? How are these two SSHs related & how do they differ?

I don't know in how many more situations I'm going to encounter these things.

I'm really confused and have no clue about where to start & how to proceed to learn these things. Kindly someone point me in correct direction.

Note: I have absolutely zero interest in encryption-related topics. So, there is no way I'm going to read a graduate-level book on this subject. I just want to clear up my concepts without going into much depth.

claws

Posted 2010-06-02T02:39:31.387

Reputation: 3 627

Answers


You can download the Twit.tv Security Now podcasts to get yourself familiar with the concepts. That or get them from GRC.COM/Securitynow. Start from #1 and move forward until you believe you've got enough. That or you can get one of the CompTIA Security+ certification books and read to get background.

That said, most of what you are discussing is what is known as PKI. Public Key Infrastructure is a way of encrypting info in which you create a key pair. One of the keys is called public and you publish it. Anyone can encrypt data using your public key and send it to you. The other key is called private and only you must know it. Only the private key can decrypt the data. Similarly, you can encrypt using the private key, send the data out and the receiver gets your published public key and only it can decrypt it.

RSA and DSA are two encryption forms. Don't worry about the difference. You basically need to sign up with a firm like Verisign who will help you with an account and you create the key pair. They publish the public key and you keep the private key.

PGP is a program which uses similar technology. You install the program and create a key pair. Send the public key to PGP's server. From then on, when you send mail, it can either encrypt using your private key and the receiver needs the public key to decrypt, or you can create a hash - a short numerical representation of the email - which is then attached to the bottom and created using your private key. The receiver reads the email and, using software, creates a hash using your public key and compares it to the signature. If they match, nothing was altered and it proves you sent it.

As for SSH, I'll leave it to someone else to explain protocols.

Blackbeagle

Posted 2010-06-02T02:39:31.387

Reputation: 6 424

http://www.grc.com/Securitynow.htm – claws – 2010-06-02T03:11:32.633
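The key-pair mechanics the answer above describes (anyone encrypts with the published public key, only the private key decrypts, and a hash signed with the private key is checked with the public key), as an added example that is not part of the original post. It is a textbook RSA toy in Python with two tiny hard-coded primes chosen for readability; that choice is an assumption for illustration, since real keys are generated from random primes of roughly a thousand bits each and use padding schemes, and this toy must never be used to protect anything.

```python
import hashlib

# Toy RSA key pair from two tiny hard-coded primes (constructed for illustration only;
# real key generation picks random primes of ~1024 bits each and adds padding).
P, Q = 61, 53
N = P * Q                  # public modulus (3233)
PHI = (P - 1) * (Q - 1)    # 3120, used only while deriving the private exponent
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent, the inverse of E mod PHI (2753)

PUBLIC_KEY = (N, E)        # published: anyone may encrypt to you or verify your signatures
PRIVATE_KEY = (N, D)       # secret: only this decrypts or signs


def encrypt(message: bytes, public_key=PUBLIC_KEY) -> list:
    """Encrypt byte by byte with the PUBLIC key (toy: real RSA pads and encrypts one block)."""
    n, e = public_key
    return [pow(b, e, n) for b in message]


def decrypt(ciphertext: list, private_key=PRIVATE_KEY) -> bytes:
    """Only the holder of the PRIVATE key can undo encrypt()."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def _digest(message: bytes, n: int) -> int:
    # Hash the message (the "short numerical representation" from the answer),
    # reduced mod n so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Sign the hash with the PRIVATE key; this is what a PGP signature footer carries."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Recover the hash from the signature with the PUBLIC key and compare to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    msg = b"hello"   # constructed sample message
    print("round trip ok:", decrypt(encrypt(msg)) == msg)
    sig = sign(msg)
    print("signature verifies:", verify(msg, sig))
    print("tampered signature verifies:", verify(msg, (sig + 1) % N))
```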


Ignacio Vazquez-Abrams

Posted 2010-06-02T02:39:31.387

Reputation: 100 516