>I do not understand how I could encrypt my credit card number, transmit
>the encrypted number, and then have the recipient decrypt the number
>unless the recipient had a compatible decryption engine and had
>knowledge of the original encryption key (i.e. the password or pass
>phrase that I use to encrypt the data).  It would seem that somehow
>this kind of thing is what would have to happen when using a "secure"
>web site.  How does this kind of "magic" work?

        This works thanks to public key cryptography. In these
asymmetric algorithms the user generates two keys. What is encrypted
using one of the keys can only be decrypted using the other one. If
you have the public key of the web site and you encrypt your password
using this key, then only the server will be able to decrypt the
password because only it knows the private key. The server can
authenticate itself by encrypting a string with its private key and
then you can be sure that it is who it is pretending to be if you can
decrypt it with the public portion of the key.

        Actually, because of the slowness of public key cyphers, what
is encrypted is a key of a symmetric encryption algorithm (same key
to encrypt and decrypt) and it is sent with the clear text encrypted
with this symmetric key. Secure shell (a program used to replace
rsh) worked this way not only to encrypt communication, but also to
provide a better way of authentication of the remote and the user
trying to log in. With this kind of encryption everybody can
distribute his public key and then expect his mail encrypted with it.
There are programs intended to do this; pretty good privacy (PGP) is
one of the most used. I think its web site is www.pgp.com if you are
in the USA or www.pgpi.com if not. There is a newsgroup dedicated to
talking about this: sci.crypt and I think they have a FAQ (although I'm
not sure).

        Of course, if you want to talk to web servers that use this
kind of encryption you will have to have a browser which can handle it.
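
An added example, not part of the original message: the hybrid scheme and the private-key identity check described above, using only the Python standard library. The key pair is a constructed toy (textbook RSA on two Mersenne primes, no padding), the SHA-256 keystream is a stand-in for a real symmetric cipher, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key pair: two Mersenne primes, far too small and too
# structured for real use. Textbook RSA without padding, for illustration only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key (N, E), given to everybody
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call with the same key both encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_encrypt(plaintext: bytes, n: int, e: int):
    """Client side: needs only the public key."""
    session_key = secrets.token_bytes(16)                    # fresh symmetric key
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # slow cipher, tiny input
    return wrapped, keystream_xor(session_key, plaintext)    # fast cipher, bulk data


def server_decrypt(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Server side: only the private exponent recovers the session key."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


def _digest_int(challenge: bytes) -> int:
    # 128-bit digest of the challenge, small enough to fit below N.
    return int.from_bytes(hashlib.sha256(challenge).digest()[:16], "big")


def server_prove(challenge: bytes, n: int, d: int) -> int:
    """Server transforms the challenge digest with its private key."""
    return pow(_digest_int(challenge), d, n)


def client_check(challenge: bytes, proof: int, n: int, e: int) -> bool:
    """Client undoes the transform with the public key and compares."""
    return pow(proof, e, n) == _digest_int(challenge)
```

Real systems add padding to the public-key step and use a vetted symmetric cipher; the structure of the exchange is the same.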
