Overview

In this blog, we will explore how a Public key is created with RSA Asymmetric Key Encryption in an oversimplified version. We will know, how a shared secrete is shared between server and client, which is then used for further encrypted commnication after initial handshake.

Magic of Public Key Cryptography:

Here’s an oversimplified version of RSA Asymmetric Key Encryption:

• Let n be a big integer (say 300 digits);
• n is chosen such that it is a product of two prime numbers of similar sizes (let’s call them p and q).
• We will then compute things modulo n: this means that whenever we add or multiply together two integers, we divide the result by n and we keep the remainder (which is between 0 and n-1, necessarily).
  • Given x, computing x³ modulo n is easy:
    • you multiply x with x and then again with x, and then you divide by n and keep the remainder. Everybody can do that.
  • On the other hand, given x³ modulo n, recovering x seems overly difficult (the best known methods being far too expensive for existing technology)
  • – unless you know p and q, in which case it becomes easy again.
  • But computing p and q from n seems hard, too (it is the problem known as integer factorization).
     
• So here is what the server and client do:
  • The server has a n and knows the corresponding p and q (it generated them). The server sends n to the client.
  • The client chooses a random x and computes x³ modulo n.
  • The client sends x³ modulo n to the server.
  • The server uses its knowledge of p and q to recover x.
  • At that point, both client and server know x. But an eavesdropper saw only n and x³ modulo n; he cannot recompute p, q and/or x from that information.
     
• So x is a shared secret between the client and the server.
• n is the RSA Public Key sent by the server.
• After that this is pretty straightforward symmetric encryption, using x a shared secret as key.
   

Further Reading

If interested in knowing actual RSA operations like Key-generation, Key-distribution, Encryption, Decryption; see Wikipedia RSA link.

A Cretificate

• The certificate is a vessel for the server public key (n).
• It is used to thwart active attackers who would want to impersonate the server: such an attacker intercepts the communication and sends its value n instead of the server’s n.
• The certificate is signed by a certification authority, so that the client may know that a given n is really the genuine n from the server he wants to talk with.
• Digital signatures also use asymmetric cryptography, although in a distinct way (for instance, there is also a variant of RSA for digital signatures).

 

References

• How is it possible that people observing an HTTPS connection being established wouldn’t know how to decrypt it?