SSL TLS: Public Key Cryptography

 

Overview

In this blog, we will explore how a Public key is created with RSA Asymmetric Key Encryption in an oversimplified version. We will know, how a shared secrete is shared between server and client, which is then used for further encrypted commnication after initial handshake.

Magic of Public Key Cryptography:

Here’s an oversimplified version of RSA Asymmetric Key Encryption:

  • Let n be a big integer (say 300 digits);
  • n is chosen such that it is a product of two prime numbers of similar sizes (let’s call them p and q).
  • We will then compute things modulo n: this means that whenever we add or multiply together two integers, we divide the result by n and we keep the remainder (which is between 0 and n-1, necessarily).
    • Given x, computing x3 modulo n is easy:
      • you multiply x with x and then again with x, and then you divide by n and keep the remainder. Everybody can do that.
    • On the other hand, given x3 modulo n, recovering x seems overly difficult (the best known methods being far too expensive for existing technology)
    • – unless you know p and q, in which case it becomes easy again.
    • But computing p and q from n seems hard, too (it is the problem known as integer factorization).
       
  • So here is what the server and client do:
    • The server has a n and knows the corresponding p and q (it generated them). The server sends n to the client.
    • The client chooses a random x and computes x3 modulo n.
    • The client sends x3 modulo n to the server.
    • The server uses its knowledge of p and q to recover x.
    • At that point, both client and server know x. But an eavesdropper saw only n and x3 modulo n; he cannot recompute p, q and/or x from that information.
       
  • So x is a shared secret between the client and the server.
  • n is the RSA Public Key sent by the server.
  • After that this is pretty straightforward symmetric encryption, using x a shared secret as key.
     

Further Reading

If interested in knowing actual RSA operations like Key-generation, Key-distribution, Encryption, Decryption; see Wikipedia RSA link.

A Cretificate

  • The certificate is a vessel for the server public key (n).
  • It is used to thwart active attackers who would want to impersonate the server: such an attacker intercepts the communication and sends its value n instead of the server’s n.
  • The certificate is signed by a certification authority, so that the client may know that a given n is really the genuine n from the server he wants to talk with.
  • Digital signatures also use asymmetric cryptography, although in a distinct way (for instance, there is also a variant of RSA for digital signatures).


 

References