The Basics of Cryptology
Posted Wednesday, August 10, 2005 3:06 PM
SSC Journeyman


Group: General Forum Members
Last Login: Thursday, August 18, 2005 4:21 PM
Points: 75, Visits: 1

My understanding of how public/private keys work is a little different.  The sender uses the public key to encrypt and send the data to the receiver.  The receiver uses the private key to decrypt the message.  The two keys are related to each other because each can encrypt and the other decrypt the message, but they are used individually.

On secure E-mail, both sides have public/private keys.  First it is encrypted with the sender's private key, then it is encrypted with the receiver's public key.  The receiver has to supply a password that decrypts his personal private key, decrypts the message using that private key and then uses the sender's public key to decrypt the plain text message.

Post #209331
Posted Wednesday, August 10, 2005 3:18 PM


Ten Centuries


Group: General Forum Members
Last Login: Wednesday, September 24, 2014 1:20 PM
Points: 1,276, Visits: 1,135

Thanks for the feedback!

Yeah, I saw the typo in the image after Douglas pointed out the Asymmetric Encryption typo.  I also mis-spelled "voila" as "viola" early on.  That's what I get for trying to edit these things late at night without enough caffeine in my system [My kingdom for a Mountain Dew!]

You are right, of course.  SQL Server can be configured to use SSL to secure communications between clients and servers.  The reason I glossed over the Asymmetric Encryption discussion was because this article is really a further explanation/continuation of the toolkit article, and the toolkit provides only Symmetric Encryption tools.  I do believe Asymmetric Encryption needed to be mentioned to round out the discussion, but I found out pretty quickly that a decent treatment of Asymmetric Encryption really would take a full article by itself.  And that article would really have to delve into the mathematics, which I was trying to avoid in this introductory article.

For those interested in pursuing the asymmetric encryption model, the Schneier book gives a very nice treatment of asymmetric encryption, including several excellent examples of how it works in the real world (or, in some cases, how it should work...).  Wikipedia also has several articles on asymmetric encryption, RSA and SSL.

Post #209338
Posted Wednesday, August 10, 2005 3:36 PM


Ten Centuries


Group: General Forum Members
Last Login: Wednesday, September 24, 2014 1:20 PM
Points: 1,276, Visits: 1,135

Yup, thanks for keeping me honest!   I don't know what's wrong today - must be a full moon.  The public and private keys both share a common modulus, which is used in both the encryption and decryption process; therefore the receiver only needs the private key to decrypt the message.

For secure e-mail, are you talking about PGP?  If I recall correctly, PGP uses symmetric encryption to encrypt a message, and then uses asymmetric public-key encryption to encrypt the symmetric key, which is then sent with the message.

Thanks!

 

Post #209345
Posted Thursday, August 11, 2005 1:00 PM
SSC Journeyman


Group: General Forum Members
Last Login: Thursday, August 18, 2005 4:21 PM
Points: 75, Visits: 1
Actually, I don't know what I'm talking about.  This was how I understood MS Outlook worked.  I could easily be totally wrong.  PGP sounds like it could be the method being used and I misunderstood how it worked.
Post #209707
Posted Thursday, August 11, 2005 8:49 PM


Ten Centuries


Group: General Forum Members
Last Login: Wednesday, September 24, 2014 1:20 PM
Points: 1,276, Visits: 1,135

Yeah I think PGP is actually a third-party add-on; I had to roll a version for a bank back in the day on the old ColdFusion platform.

I believe Outlook uses PKI - S/MIME, which means you have to install the proper certificates that contain the Public Key to send, and have your private key installed to receive, encrypted e-mail using Outlook.  I'm not sure you have to enter an additional code/key when you receive the e-mails (unless you've added a password to your personal folders), although you do have to have the proper certificates installed.

Post #209843
Posted Saturday, August 13, 2005 7:47 PM


Ten Centuries


Group: General Forum Members
Last Login: Wednesday, September 24, 2014 1:20 PM
Points: 1,276, Visits: 1,135

Thanks Chris, I wrote this as an introductory article to the subject and I'm glad you found it interesting.  I submitted one more on this topic that is a short intro to the mechanics of modern encryption algorithms.  It goes into a little more detail about the theory and implementation of computer encryption.  I hope you find that one useful as well.

Thanks again!

Post #210304
Posted Monday, August 15, 2005 12:27 PM
SSC Rookie


Group: General Forum Members
Last Login: Friday, June 13, 2008 6:47 AM
Points: 37, Visits: 3

"Discussions never End" -veer

Keep up the great work and use the feedback from all others and come out with more articles on this subject.

Thanks in advance...

"Every Initiation process has the biggest resistance that is why they need extra Energy" -Veer

Post #210566
Posted Thursday, August 10, 2006 5:13 AM
Forum Newbie


Group: General Forum Members
Last Login: Tuesday, September 30, 2014 10:28 AM
Points: 6, Visits: 120

Interesting article and well done. There is a cryptographic time warp, however. I read the article today - 8/10/2006 and all comments are from 2005 - LOL!

Next article might be about generating your own application key (banks, as the author certainly knows, require certain basic levels of encryption on data fields), and we can generate many good keys to encrypt and decrypt with (3DES as one example). All we need is a seed and a vector and we can generate some really awesome encryption.

 

Post #300831
Posted Saturday, February 10, 2007 9:55 PM


Ten Centuries


Group: General Forum Members
Last Login: Wednesday, September 24, 2014 1:20 PM
Points: 1,276, Visits: 1,135
Hi Brian,

For some reason I'm not receiving emails from my threads here anymore (need to check my settings I guess), so I didn't see this one until just now. I've actually written an article on SQL 2005 encryption that talks about the ANSI X9.17 standard and how SQL 2005's encryption parallels its key security model. SQL 2005 has the ability to take a password/passphrase and "mangle" it using hash functions and a bunch of bit level manipulations to generate keys that are quite un-reverse-engineerable.

Generating your own encryption keys is a heckuva subject to get into though.  Random number generation functions in most computer languages aren't considered to be up to the task of generating encryption keys, and to do the job right you'd need some specialized software or hardware. I've done some work in the area with various algorithms - one of my favorites is the "Twister" random number generation algorithm, because it is simple and does a decent job (it was created by professional statisticians). I believe Schneier points out in his book though, that if you want true random numbers you really have to hook your computer up to some sort of subatomic particle detection device and rely on Heisenberg's uncertainty principle to do the rest.

If I have time one day I'll pull together information on some of these approaches and maybe put together some sample key generation code as well.

Thanks!
Post #344035
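An added example (not the poster's code and not SQL Server's key derivation) for the key-generation discussion in the last two posts: a 24-byte, 3DES-sized key taken from a seeded Mersenne Twister, from the operating system's CSPRNG, and from a passphrase. Python's `random` module is a Mersenne Twister; PBKDF2-HMAC-SHA256 stands in here for the passphrase "mangling" step, and the function names, iteration count and seed window are assumptions.

```python
import hashlib
import random
import secrets

KEY_BYTES = 24  # three-key 3DES key length


def mt_key(seed: int, nbytes: int = KEY_BYTES) -> bytes:
    """Key from a seeded Mersenne Twister: the seed fixes every byte."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def csprng_key(nbytes: int = KEY_BYTES) -> bytes:
    """Key from the operating system's cryptographic random source."""
    return secrets.token_bytes(nbytes)


def passphrase_key(passphrase: str, salt: bytes, nbytes: int = KEY_BYTES,
                   iterations: int = 200_000) -> bytes:
    """Key stretched from a passphrase; the salt is stored beside the data."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=nbytes)


def reproducible_from_seeds(key: bytes, seeds):
    """Audit check: return the seed that regenerates `key`, or None.
    A hit means the key is only as strong as the seed range is large."""
    for seed in seeds:
        if mt_key(seed, len(key)) == key:
            return seed
    return None


if __name__ == "__main__":
    # Constructed scenario: a key seeded from a second-resolution timestamp.
    window = range(1_155_000_000, 1_155_001_000)
    print(reproducible_from_seeds(mt_key(1_155_000_123), window))  # seed found
    print(reproducible_from_seeds(csprng_key(), window))           # None
    salt = secrets.token_bytes(16)
    print(passphrase_key("constructed passphrase", salt).hex())
```

The seeded key carries no more secrecy than its seed, however many bytes it contains, which is why key material should come from `secrets` (or an equivalent OS facility) or from a salted, iterated derivation.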