On Fri, 5 Jul 2002, Scott Fletcher wrote:
> For Miguel Cruz posting back there.  If I understand correctly, the private
> key are inside the public key.  Is this correct?

I'm not completely sure I understand your question. When you visit a site 
using HTTPS, here's basically what happens:

1. Your browser initiates the connection and sends the server information 
about which key types it supports. 

2. The server sends you its certificate, which is the server's public key 
signed with a certificate authority's private key. It also sends a 
response to the client's list of supported key types, so that they can 
find some common ground.

3. Your browser verifies the certificate using the certificate authority's 
public key, which was distributed with the browser.

4. Based on its capabilities (as sent in step 1) and the server's 
capabilities (as received in step 2), the browser generates a new key to 
be used for this session. It's a symmetric key, no public or private 
stuff. The browser sends this to the server.

5. From here on, the browser and server use a key derived from this 
symmetric key to encode the data they send back and forth.

It's possible you were just asking whether, as a general matter, private
keys are contained within public keys. No, with public-key cryptography as
I understand it, that's not the case. They are related to each other but 
neither contains the other.

First, you need an algorithm which is relatively easy to operate in one 
direction, but is next to impossible in the other direction. As a silly 
example, "adding 5 to the number" is a bad algorithm for this application 
since it's easy to reverse - just subtract 5 instead. 

A pretty common algorithm involves the product of two very large prime 
numbers and depends on the difficulty of guessing, from the product, what 
those two primes were. I'll spare you the math, but for a trivial example, 
see if you can figure out the two factors of 31,622,417 are (hint: they're 
both 4-digit numbers). The problem gets substantially harder as the 
numbers grow.

The public and private key are derived from the product and its prime
factors. Either of these keys can be combined with arbitrary data to
produce encoded data that can easily be decoded with the use of the other
key. However, going the other way - for instance, arriving at the private
key given the public key and encoded data - is next to impossible because
the algorithm is difficult to reverse. Just like it was really easy for me
to multiply those two prime numbers to get 31622417 but it'll take you a
much longer time to figure out what they were, even though it's not a very
big number and there's only a single right answer.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to