On Fri, 5 Jul 2002, Scott Fletcher wrote:

> For Miguel Cruz posting back there. If I understand correctly, the private
> key is inside the public key. Is this correct?
I'm not completely sure I understand your question. When you visit a site using HTTPS, here's basically what happens:

1. Your browser initiates the connection and sends the server information about which key types it supports.

2. The server sends you its certificate, which is the server's public key signed with a certificate authority's private key. It also sends a response to the client's list of supported key types, so that they can find some common ground.

3. Your browser verifies the certificate using the certificate authority's public key, which was distributed with the browser.

4. Based on its capabilities (as sent in step 1) and the server's capabilities (as received in step 2), the browser generates a new key to be used for this session. It's a symmetric key, no public or private stuff. The browser sends this to the server.

5. From here on, the browser and server use a key derived from this symmetric key to encode the data they send back and forth.

It's possible you were just asking whether, as a general matter, private keys are contained within public keys. No, with public-key cryptography as I understand it, that's not the case. They are related to each other but neither contains the other.

First, you need an algorithm which is relatively easy to operate in one direction, but is next to impossible in the other direction. As a silly example, "adding 5 to the number" is a bad algorithm for this application since it's easy to reverse - just subtract 5 instead.

A pretty common algorithm involves the product of two very large prime numbers and depends on the difficulty of guessing, from the product, what those two primes were. I'll spare you the math, but for a trivial example, see if you can figure out what the two factors of 31,622,417 are (hint: they're both 4-digit numbers). The problem gets substantially harder as the numbers grow. The public and private key are derived from the product and its prime factors.

Either of these keys can be combined with arbitrary data to produce encoded data that can easily be decoded with the use of the other key. However, going the other way - for instance, arriving at the private key given the public key and encoded data - is next to impossible because the algorithm is difficult to reverse. Just like it was really easy for me to multiply those two prime numbers to get 31622417 but it'll take you a much longer time to figure out what they were, even though it's not a very big number and there's only a single right answer.

miguel

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
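The factoring puzzle and the "two keys derived from the product and its primes" idea in Miguel's reply, worked through as an added example (this is not code from the original message or the mailing list). It factors 31622417 by plain trial division, builds a textbook RSA key pair from the two primes it finds, shows that applying one key undoes the other in both directions, and then plays attacker: given only the public key, it factors the modulus and rebuilds the private key. The public exponent 65537 and the message value are my own choices, and textbook RSA without padding is shown only to illustrate the relationship between the keys, not as something to use.

```python
import math
from typing import Tuple

# Constructed values for the example: the number posed in the message above,
# plus the usual textbook public exponent. Illustration only, not real crypto.
MIGUEL_NUMBER = 31622417
PUBLIC_EXPONENT = 65537


def is_prime(n: int) -> bool:
    """Deterministic trial-division primality test; fine for small n."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for d in range(3, math.isqrt(n) + 1, 2):
        if n % d == 0:
            return False
    return True


def factor_semiprime(n: int) -> Tuple[int, int]:
    """Return (p, q) with p <= q and p * q == n, by trial division.

    This is the 'hard direction' from the message. It finishes instantly for
    an 8-digit n, which is exactly why real RSA moduli are 2048 bits or more.
    """
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError(f"{n} has no factorisation into two factors")


def make_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Textbook RSA key generation from two distinct primes.

    Returns (public, private) as (n, e) and (n, d). The private exponent d
    is computed from p and q; once those are thrown away, d cannot be read
    off the public key, only recomputed by factoring n again.
    """
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m: int) -> int:
    """Apply either key to an integer message m < n (no padding: toy only)."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exponent, n)


def recover_private_key(public):
    """Attacker's view: given only (n, e), factor n and rebuild (n, d)."""
    n, e = public
    p, q = factor_semiprime(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def demo():
    """Run the whole story on the number from the message and return the facts."""
    p, q = factor_semiprime(MIGUEL_NUMBER)
    public, private = make_keypair(p, q)
    m = 1234567                          # constructed message, must be < n
    c = rsa_apply(public, m)             # encode with the public key
    s = rsa_apply(private, m)            # encode with the private key
    return {
        "factors": (p, q),
        "public": public,
        "private": private,
        "decrypt_ok": rsa_apply(private, c) == m,   # other key undoes it
        "verify_ok": rsa_apply(public, s) == m,     # and vice versa
        "attacker_recovers_d": recover_private_key(public) == private,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With a modulus this small the attacker's `recover_private_key` succeeds in a fraction of a second, which is the practical content of "the problem gets substantially harder as the numbers grow": the asymmetry between multiplying and factoring only protects you once n is far beyond trial-division range.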