

SSC Journeyman
Group: General Forum Members
Last Login: Thursday, August 18, 2005 4:21 PM
Points: 75,
Visits: 1


My understanding of how public/private keys work is a little different. The sender uses the public key to encrypt and send the data to the receiver. The receiver uses the private key to decrypt the message. The two keys are related to each other because each can encrypt and the other decrypt the message, but they are used individually. On secure Email, both sides have public/private keys. First it is encrypted with the sender's private key, then it is encrypted with the receiver's public key. The receiver has to supply a password that decrypts his personal private key, decrypts the message using that private key and then uses the sender's public key to decrypt the plain text message.




Ten Centuries
Group: General Forum Members
Last Login: Friday, October 30, 2015 9:10 AM
Points: 1,277,
Visits: 1,168


Thanks for the feedback! Yeah, I saw the typo in the image after Douglas pointed out the Asymmetric Encryption typo. I also misspelled "voila" as "viola" early on. That's what I get for trying to edit these things late at night without enough caffeine in my system. [My kingdom for a Mountain Dew!] You are right, of course: SQL Server can be configured to use SSL to secure communications between clients and servers. The reason I glossed over the Asymmetric Encryption discussion was because this article is really a further explanation/continuation of the toolkit article, and the toolkit provides only Symmetric Encryption tools. I do believe Asymmetric Encryption needed to be mentioned to round out the discussion, but I found out pretty quickly that a decent treatment of Asymmetric Encryption really would take a full article by itself. And that article would really have to delve into the mathematics, which I was trying to avoid in this introductory article. For those interested in pursuing the asymmetric encryption model, the Schneier book gives a very nice treatment of asymmetric encryption, including several excellent examples of how it works in the real world (or, in some cases, how it should work...). Wikipedia also has several articles on asymmetric encryption, RSA and SSL.




Ten Centuries
Group: General Forum Members
Last Login: Friday, October 30, 2015 9:10 AM
Points: 1,277,
Visits: 1,168


Yup, thanks for keeping me honest! I don't know what's wrong today; must be a full moon. The public and private keys both share a common modulus, which is used in both the encryption and decryption process; therefore the receiver only needs the private key to decrypt the message. For secure email, are you talking about PGP? If I recall correctly, PGP uses symmetric encryption to encrypt a message, and then uses asymmetric public-key encryption to encrypt the symmetric key, which is then sent with the message. Thanks!




SSC Journeyman
Group: General Forum Members
Last Login: Thursday, August 18, 2005 4:21 PM
Points: 75,
Visits: 1


Actually, I don't know what I'm talking about. This was how I understood MS Outlook worked. I could easily be totally wrong. PGP sounds like it could be the method being used and I misunderstood how it worked.




Ten Centuries
Group: General Forum Members
Last Login: Friday, October 30, 2015 9:10 AM
Points: 1,277,
Visits: 1,168


Yeah, I think PGP is actually a third-party add-on; I had to roll a version for a bank back in the day on the old ColdFusion platform. I believe Outlook uses PKI - S/MIME, which means you have to install the proper certificates that contain the Public Key to send, and have your private key installed to receive, encrypted email using Outlook. I'm not sure you have to enter an additional code/key when you receive the emails (unless you've added a password to your personal folders), although you do have to have the proper certificates installed.




Ten Centuries
Group: General Forum Members
Last Login: Friday, October 30, 2015 9:10 AM
Points: 1,277,
Visits: 1,168


Thanks Chris, I wrote this as an introductory article to the subject and I'm glad you found it interesting. I submitted one more on this topic that is a short intro to the mechanics of modern encryption algorithms. It goes into a little more detail about the theory and implementation of computer encryption. I hope you find that one useful as well. Thanks again!




SSC Rookie
Group: General Forum Members
Last Login: Friday, June 13, 2008 6:47 AM
Points: 37,
Visits: 3


"Discussions never End" veer
Keep up the great work and use the feedback from all others and come out with more articles on this subject. Thanks in Advance...
"Every Initiation process has the biggest resistance that is why they need extra Energy" Veer




Forum Newbie
Group: General Forum Members
Last Login: Monday, January 4, 2016 7:35 AM
Points: 6,
Visits: 127


Interesting article and well done. There is a cryptographic time warp, however. I read the article today - 8/10/2006 - and all comments are from 2005 - LOL! Next article might be about generating your own application key. Banks - as the author certainly knows - require certain basic levels of encryption on data fields, and we can generate many good keys to encrypt and decrypt with (3DES as one example). All we need is a seed and a vector and we can generate some really awesome encryption.




Ten Centuries
Group: General Forum Members
Last Login: Friday, October 30, 2015 9:10 AM
Points: 1,277,
Visits: 1,168


Hi Brian,
For some reason I'm not receiving emails from my threads here anymore (need to check my settings I guess), so I didn't see this one until just now. I've actually written an article on SQL 2005 encryption that talks about the ANSI X9.17 standard and how SQL 2005's encryption parallels its key security model. SQL 2005 has the ability to take a password/passphrase and "mangle" it using hash functions and a bunch of bit level manipulations to generate keys that are quite un-reverse-engineerable.
Generating your own encryption keys is a heckuva subject to get into though. Random number generation functions in most computer languages aren't considered to be up to the task of generating encryption keys, and to do the job right you'd need some specialized software or hardware. I've done some work in the area with various algorithms - one of my favorites is the "Twister" random number generation algorithm, because it is simple and does a decent job (it was created by professional statisticians). I believe Schneier points out in his book though, that if you want true random numbers you really have to hook your computer up to some sort of subatomic particle detection device and rely on Heisenberg's uncertainty principle to do the rest.
If I have time one day I'll pull together information on some of these approaches and maybe put together some sample key generation code as well.
Thanks!
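
Added example, not part of the thread or of the article it discusses: a Python sketch of the key-generation point raised in the last two posts, comparing a key drawn from a seeded Mersenne Twister (Python's `random` module), a key from the operating system's CSPRNG, and a key derived from a passphrase. PBKDF2 stands in here for passphrase-based derivation in general and is not SQL Server's own routine; all function names, the seed and the passphrase are constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

KEY_BYTES = 24  # three-key 3DES key size; 3DES is the cipher named in the thread


def _draw(rng: random.Random) -> bytes:
    """Pull KEY_BYTES bytes from a Mersenne Twister instance."""
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def twister_key(seed: int) -> bytes:
    """Key from a seeded Mersenne Twister: fully determined by the seed."""
    return _draw(random.Random(seed))


def state_copy_keys() -> tuple[bytes, bytes]:
    """Even an OS-seeded Twister is deterministic once its state is known."""
    rng = random.Random()
    clone = random.Random()
    clone.setstate(rng.getstate())  # same internal state, same future output
    return _draw(rng), _draw(clone)


def csprng_key() -> bytes:
    """Key from the operating system's cryptographic random source."""
    return secrets.token_bytes(KEY_BYTES)


def passphrase_key(passphrase: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Passphrase-derived key: salted, with the iteration count as a work factor."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def demo() -> dict:
    phrase = "constructed example passphrase"
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    first, second = state_copy_keys()
    key_a = passphrase_key(phrase, salt_a)
    return {
        "twister_repeats": twister_key(20060810) == twister_key(20060810),
        "state_copy_repeats": first == second,
        "csprng_repeats": csprng_key() == csprng_key(),
        "kdf_same_salt": hmac.compare_digest(key_a, passphrase_key(phrase, salt_a)),
        "kdf_other_salt": key_a == passphrase_key(phrase, salt_b),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is not secret and is stored alongside the ciphertext so the same key can be re-derived at decryption time.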



