[ale] emailing public dsa key (good, bad or ugly?)

Joe Knapka jknapka at kneuro.net
Thu Jan 26 02:12:23 EST 2006 

James P. Kinney III wrote:

>On Wed, 2006-01-25 at 22:19 -0700, Joe Knapka wrote:
>  
>
>>Sid Lane wrote:
>>
>>    
>>
>>>hey,
>>>
>>>I am in the process of setting up an automated file transfer to an 
>>>external vendor who has agreed to scp over ssh2 but is asking me to 
>>>email the public key to them.
>>>
>>>is there any risk in doing this via email?  I understand the basic 
>>>principles of asymetric cryptography and that it shouldn't be possible 
>>>to decrypt w/the public key.
>>>      
>>>
>>Sure it is. You can decrypt any message encrypted with the private key.
>>
>>    
>>
>>>I was just wondering if there are any attacks/exploits that knowing it 
>>>make easier.  FWIW, box that will be pushing to them is behind (a 
>>>couple of) firewall(s) so nothing in the wild should even be able to 
>>>attempt to initiate an ssh (or anything else for that matter) to it.
>>>      
>>>
>>Wait...  *You* will be sending data to *them*? In that case, you need 
>>*their* public key,
>>not the other way around.  The public key is the one you encrypt with if 
>>you want your
>>message to stay private;  the private key is the one you encrypt with if 
>>you want the
>>receiver to be able to verify your identity.
>>    
>>
>
>I don't think this is correct. By putting your pub key on the remote
>server, the server uses that key to send the random string to you, which
>you get, decrypt and  then re-encrypt with the pub key the server just
>sent over. Now the server decrypts the string you sent and that verifies
>you are who you claim to be. Once the user authentication is over, the
>server and client generate a random string that gets "glued" by
>the ?server?. This is the encryption key for a while. It is a fast key
>(like blowfish) and the key is changed often. The secret to this mess is
>the key pieces are sent encrypted with the pub keys so no snooper can
>get them.
>
>The pub key can only encrypt. The private key can only decrypt. In some
>  
>
That depends on exactly which encryption system you're using; there 
definitely
are PK systems where either key can decrypt messages encrypted by the
other.  It's been a long while since I read my Schneier, so I'm sure 
you're right
about the protocol.

Cheers,

-- JK

More information about the Ale mailing list