What are private and public Keys?


14

After I got stuck and racked my brains installing SSL certificates in Apache, some questions arose in my head about some terms that kept appearing in the searches I was doing for help on the internet.

What struck me most was when I tried to configure the keys in the Apache2 configuration file, where I had to point to two files: the public key and the private key (in English, public key and private key).

I wanted to understand:

  • What does each of these two types of key mean?

  • Why are they used in SSL certificates?

  • Does a private key have some relationship (a dependency relationship, for example) with the public key?

  • Do they follow some pattern (because I always see these keys with code similar to Base64)?

  • What are the default file extensions to identify each of them?

2 answers

6

Since the short and blunt answer has already been given, I'll write the long one.

To understand the terms 'public key' and 'private key' you need to know a little about encryption algorithms.

Introduction to Encryption

Encryption algorithms aim to ensure that a sender can exchange a message with a recipient without intermediaries obtaining it.

On the Internet, they are responsible for preventing strangers from reading your precious personal data. After all, you don’t want people snooping your email or worse, your credit card number!

There are two main ways to do this.

Symmetric algorithms use a single key, known beforehand by both the sender and the recipient. The workflow is simple: the sender encrypts the message using the key and sends the encrypted content over the internet. The receiver then receives the message and decrypts it using that same key.

As you may have noticed, this type of algorithm has a problem: both sides of the conversation need to know the key in order to decrypt the message! How can you send secure messages to unknown recipients? Simple.

Asymmetric algorithms work not with one but two keys:

  • One public key, available to all, is used to encrypt the message. This key cannot decrypt anything.
  • One private key, known ONLY to the recipient, has the power to decrypt the messages.

Asymmetric algorithms work (almost) like mailboxes: any sender can put (encrypt) a message in your box, but only you, the recipient, can read it.

Regarding the topics of the question

What does each of these two types of key mean?

I hope the explanation above has answered this.

Why are they used in SSL certificates?

Certificates are a form of asymmetric algorithm. When you want to send something important to a website, you first encrypt your data using the site's public certificate. That way you guarantee that only the owner of the site can read your information.

Does a private key have some relationship (a dependency relationship, for example) with the public key?

Well, to encrypt something you need the public one, and to decrypt, the private one. It doesn't make much sense to have one without the other.

Do they follow some pattern (because I always see these keys with code similar to Base64)?

There are several certificate standards. A very common example is X509. All the certificate standards I know are binary, for performance reasons.

What are the default file extensions to identify each of them?

There are several different extensions for certificates. If you understand English, I suggest you take a look at this blog.

Other Questions

Are both the private and the public key encoded in X509?

Yes.

  • One last question: are both the private key and the public key encoded in X509?

  • 2

    @Wallacemaxters answered above.

  • I think there is some confusion about the use of key pairs in certificates. A certificate is used exclusively for signing messages (the private key signs, the public key checks the signature), never to encrypt. The encryption is done using a second pair of keys, ephemeral ones, created solely for that session and then discarded. For more details, I suggest the question "How does HTTPS (SSL) work?"
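The mailbox analogy and the dependency between the two keys from the answer above, as an added example (not code from the question, the answer or the comments): a toy RSA in Python with hand-picked small primes. It shows that the private exponent is computed from the same modulus as the public key, that only the matching private key recovers what the public key encrypted, and, as the last comment notes for certificates, that the private key signs while the public key verifies. The `pem_frame` helper reproduces only the Base64-plus-BEGIN/END framing of PEM files over a constructed payload (n and e as raw bytes), not a real DER structure, so it is not a file OpenSSL would load; it only illustrates why key files look like Base64. The primes, labels and function names are my own choices.

```python
"""Toy RSA illustrating what a public key and a private key are and how
they depend on each other.

Added example, not code from the original question or answers. The primes
are tiny and hand-picked so the numbers stay readable; real keys use
2048-bit or larger moduli produced by OpenSSL or a crypto library, with
padding schemes (OAEP, PSS) that this toy deliberately omits.
"""
import base64
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int  # modulus, shared with the matching private key
    e: int  # public exponent


@dataclass(frozen=True)
class PrivateKey:
    n: int  # the SAME modulus: this is the dependency between the two keys
    d: int  # private exponent, the inverse of e modulo phi(n)


def generate_keypair(p: int, q: int, e: int = 65537) -> tuple[PublicKey, PrivateKey]:
    """Derive a key pair from two primes p and q.

    d is computed from e, p and q, so the private key cannot exist on its
    own: it is the inverse of the public exponent for this specific modulus.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; raises ValueError if gcd(e, phi) != 1
    return PublicKey(n, e), PrivateKey(n, d)


def encrypt(pub: PublicKey, message: bytes) -> int:
    """Anyone holding the public key can encrypt (the mailbox slot)."""
    m = int.from_bytes(message, "big")
    if m >= pub.n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, pub.e, pub.n)


def decrypt(priv: PrivateKey, ciphertext: int) -> bytes:
    """Only the private key holder can open the box."""
    m = pow(ciphertext, priv.d, priv.n)
    return m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")


def sign(priv: PrivateKey, message: bytes) -> int:
    """Signing is the reverse direction: the private key produces the value."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    # Real schemes pad the digest (PSS); reducing mod n only makes it fit the toy.
    return pow(digest % priv.n, priv.d, priv.n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check the signature (what certificates do)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, pub.e, pub.n) == digest % pub.n


def public_key_payload(pub: PublicKey) -> bytes:
    """Constructed toy serialisation: n and e as fixed-width big-endian bytes.
    Not DER/X.509; real PEM files carry an ASN.1 structure here."""
    return pub.n.to_bytes(8, "big") + pub.e.to_bytes(4, "big")


def pem_frame(label: str, payload: bytes) -> str:
    """Wrap bytes the way PEM files do (RFC 7468 framing): a base64 body in
    64-character lines between BEGIN/END lines. This is why key files
    'look like Base64' even though the encoded content is binary."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])


def pem_unframe(text: str) -> bytes:
    """Inverse of pem_frame: drop the BEGIN/END lines and base64-decode the body."""
    lines = [ln for ln in text.splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(lines))


# Constructed sample: 65519 and 65521 are both prime (the two largest below 2**16).
PUB, PRIV = generate_keypair(65519, 65521)
# An unrelated pair; its private key shares no modulus with PUB.
OTHER_PUB, OTHER_PRIV = generate_keypair(1009, 1013)

if __name__ == "__main__":
    msg = b"key"
    c = encrypt(PUB, msg)
    print("ciphertext:", c)
    print("decrypted with matching private key:", decrypt(PRIV, c))
    print("decrypted with unrelated private key:", decrypt(OTHER_PRIV, c))
    sig = sign(PRIV, msg)
    print("signature verifies with matching public key:", verify(PUB, msg, sig))
    print("signature verifies with unrelated public key:", verify(OTHER_PUB, msg, sig))
    print(pem_frame("TOY PUBLIC KEY", public_key_payload(PUB)))
```

Run it directly to see the round trip and the framed key; the wrong-key decryption yields garbage because `OTHER_PRIV.d` was derived for a different modulus, which is the dependency the answer describes.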

0

Public and private keys are related by their functionality, that is, where and when data is sent; consider the client-server scenario.

Example: when sending a form (client), take my public key, encode the data and send me your form. Server: the form arrives to me, then I take my key, which only I know, and use it to open the information I received from the form.

This is the simplified form of the process; they have a total dependency relationship, because if you use any other key, the server will not be able to open it with my private key.

The keys are Base64; usually there is no way of knowing whether one is public or private except by the extension itself, because they look alike precisely to hinder decoding the keys with some key-breaking approaches.

That is what I can contribute to the question; there are more in-depth details, books, courses and many theories on the subject.
