submitted 6 months ago by t0mri@lemmy.ml to c/security@lemmy.ml

There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?

kevincox@lemmy.ml 10 points 6 months ago* (last edited 6 months ago)

Great question. Modern encryption schemes are usually composed of a handful of primitives. If we consider something like HTTPS it uses both asymmetric and symmetric parts.

Asymmetric encryption is the "magic" that you are missing. Asymmetric encryption algorithms create a keypair, one half of this is the "public key" which can be used to encrypt messages that can only be decrypted by the "private key". This means that even if the public key is public (as the name suggests) the messages can't be decrypted without the private key.

You can think of this as giving someone an open padlock. They can put something inside a box and lock it using the padlock, but they can't open it without your key.

Using this you could come up with a very simple protocol for establishing a secure channel:

  1. The server sends you their public key, along with a certificate that proves that it belongs to them.
  2. The client then uses this public key to encrypt a key for symmetric encryption.
  3. The client sends this encrypted key to the server.
  4. The server decrypts the key.
  5. Now the client and server can both use the shared key to communicate.

(Note: There are many missing features from this system, but I think it illustrates the point. Don't design your own crypto.)

this post was submitted on 28 Apr 2024