> This Arachnid needs to understand the relationship between your "public" key
> and your "private" key before the above will sound secure.
This is explained by reading the RSA algorithm -
<http://world.std.com/~franl/crypto/rsa-guts.html>
> Are you saying that you can generate a public key from your private key and
> any information encrypted with that public key is secure because it can only
> be decrypted by YOUR private key ?
Yes. (or actually, you generate both keys at the same time.)
> If someone has your public key AND the original material they intend to
> encrypt AND the encrypted result plus an understanding of the encryption
> process, do they not then have enough information to generate a copy of
> your private key ?
No. That would mean using RSA "backwards" - can't be done. The thing is,
you MUST NOT be able generate a secret key from the plaintext (in data to
the algorithm, unencrypted), the key, and the encrypted result in a
public-key system like RSA.
You shouldn't even be able to generate the plaintext if you have the
ciphertext (encrypted in data) and the public key.
> Or, is that private key used ONLY ONCE ?
Both keys are used as long as they aren't changed, ie. somewhere between
once and forever =)
/petri
