Thursday, November 3, 2011

Are Digital Certificates Confusing?

Public key, hashing, signatures, blah blah... really confusing, aren't they?

Here we go!
Foo wants to send Assange a letter, only to be read by Assange. Yes, a very secret document for his drop box! Foo decides to encrypt the message. But which algorithm will Foo use, and how will Assange know which algorithm to use to decrypt? Moreover, Intelligence Agencies (IA) are spying, so Foo cannot call Assange and say "Hey, I am using XOR".

Assange has a public encryption key (key = complex mathematical formulas to make data unreadable). Anyone can encrypt with the key and only Assange can read it. How? The public key has a partner called the private decryption key, which is what decrypts the message. And Assange won't share his private key.

Foo gets Assange's public key, encrypts the message and sends it to Assange. IA got the message before Assange, but fortunately they could not read it. And we know why :)

Happy ending, is it not? But Assange received the wrong message!
IA destroyed the message on its way to Assange's inbox and replaced it with another message encrypted using Assange's public key. And Assange mistook it for Foo's message! Encryption with Assange's public key gives confidentiality, but nothing tells Assange who wrote the message.

[to be continued.. but here is meat to bite on -> how can such situations be prevented?]
Clue: What if we make the decryption key public and the encryption key private! Plus we need to do one more thing.. think layering :). Oh! Is that what we call a signature? And could these certificate thingies be outsourced to an external agency? Well... can't call it confusing anymore.. can we? :D
Comment your thoughts please :)
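Working through the clue above in code, as an added example that is not part of the original post: a toy RSA with tiny primes (chosen here for readability, not security; the names, the primes and the SHA-256 digest reduced mod n are all illustrative choices). Foo "encrypts" a hash of the letter with her private key (the signature), then encrypts the letter with Assange's public key; when IA swaps the envelope, Assange's decryption still works but the signature check fails.

```python
import hashlib
from math import gcd

# Toy RSA with tiny fixed primes, kept small so the arithmetic is visible.
# Real deployments use 2048-bit+ keys, padding (OAEP/PSS) and vetted libraries.
def keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)                  # private exponent (Python 3.8+)
    return (e, n), (d, n)                # (public key, private key)

def encrypt(pub, msg: bytes):
    e, n = pub                           # byte-wise textbook RSA: fine for a toy only
    return [pow(b, e, n) for b in msg]

def decrypt(priv, blocks):
    d, n = priv
    return bytes(pow(c, d, n) for c in blocks)

def _digest(msg: bytes, n: int) -> int:
    # Hash of the message, reduced mod n so it fits the toy modulus (illustrative only)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> int:
    d, n = priv                          # the "encryption key kept private" from the clue
    return pow(_digest(msg, n), d, n)

def verify(pub, msg: bytes, sig: int) -> bool:
    e, n = pub                           # the "decryption key made public"
    return pow(sig, e, n) == _digest(msg, n)

def scenario(ia_tampers: bool):
    """Foo signs then encrypts; IA may swap the envelope; Assange decrypts and verifies."""
    assange_pub, assange_priv = keygen(61, 53, 17)
    foo_pub, foo_priv = keygen(89, 97, 5)
    letter = b"meet at the embassy"                 # constructed sample message
    sig = sign(foo_priv, letter)                    # layer 1: Foo's signature
    envelope = encrypt(assange_pub, letter)         # layer 2: confidentiality for Assange
    if ia_tampers:
        # IA can encrypt anything to Assange's public key, but has no foo_priv,
        # so it cannot produce a signature that Foo's public key will accept.
        envelope = encrypt(assange_pub, b"meet at the pub")
    received = decrypt(assange_priv, envelope)
    return received, verify(foo_pub, received, sig)

if __name__ == "__main__":
    print(scenario(ia_tampers=False))   # (b'meet at the embassy', True)
    print(scenario(ia_tampers=True))    # (b'meet at the pub', False)
```

The "external agency" from the clue is what binds foo_pub to Foo's identity: without a certificate, Assange only knows the letter was signed by whoever holds the private half of foo_pub.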

3 comments:

  1. Yes this concept seems to me very confusing. I read so many blogs to know about it but there are so many terms used that are difficult to interpret. But I must say that you have explained this complete concept with such an ease. Thanks for this great effort.
    1. Good to hear.. feedback does matter. Thank you.

  2. It's too good... But one suggestion... It was like an interesting movie where I could watch only till the interval. After that I want to watch the entire story on how the Digital Signature is used and why Digital Certificates. Whether Digital Certificates are common for all messages? What if the Digital Certificate itself is tampered...? Would like to understand all these from your way of writing...
