There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?

  • RegalPotoo@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    7 months ago

    You’ve missed a key detail in how asymmetric encryption works:

    • For asymmetric encryption algorithms, you essentially have two keys - a “private” key, and a “public” key
    • If you know the private key it is trivial to calculate the public key, but the reverse isn’t true - just given the public key, it is essentially impossible to calculate the private key in a reasonable amount of time
    • If you encrypt something with the public key you must use the private key to decrypt it, and if you encrypt with the private key you can only use the public key for decryption
    • This means that my server can advertise a public key, and you can use that to encrypt the traffic so that only the server that knows the private key can decrypt it
    • lad@programming.dev
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      I used to know that and still struggle to understand how a handshake wouldn’t allow MitM. Later I found out that it requires a third party with a trusted and known certificate for signing handshake exchange messages in order to ensure there’s no man in the middle: https://stackoverflow.com/a/10496684

      • RegalPotoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        7 months ago

        A big “It Depends” on that - plenty of applications of asymmetric crypto where you just hard-code the servers public key into the client and call it a day, and GPG has its own PKI scheme that is just kinda weird.

        You also don’t have to use Diffie-Hellman - early versions of SSL just sent the ephemeral key (the symmetric key used for the actual AES session) directly. This works, but using DH also gives you “forward secrecy” - even if a malicious third party has captured the entire encrypted session, then later steals (or factors) your private key they still won’t be able to read the encrypted traffic because they can’t recover the ephemeral key because it wasn’t sent over the wire in the first place

      • Turun@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Yes, that’s why https needs certificates (and sometimes shows a broken lock) and why you need to accept the fingerprint when first connecting to a server via ssh.

        • mitchty@lemmy.sdf.org
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          7 months ago

          Accepting ssh key fingerprints on first ssh is a bad practice. Ssh ca’s and or sshfp are around and have been for decades. Accepting random host keys is like trusting random self signed ssl certificates.

          Use ssh ca’s for user and host keys so you can revoke and rekey hosts without having to update authorized keys. And then you can revoke access to hosts for users as well and much more.

    • atzanteol
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      7 months ago

      If you know the private key it is trivial to calculate the public key, but the reverse isn’t true

      I didn’t believe this is true… In public/private key crypto there is no such thing as “private” and “public”. They’re just a key pair. You choose to make one public by sharing it and the other private by not sharing it.

      • kevincox@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        It depends on the cryptosystem. The private and public halves of the pair are often not symmetrical and often have overlap.

        The parent is likely confused because in most situations the “private key file” will also contain all of the public key. Whether by necessity or for convenience.

      • RegalPotoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Ok, semantics - for RSA you generate a private key, then derive the public key from that private key, and you could publicly post your private key if you wanted to. “Public” and “private” are just names.

    • Turun@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      7 months ago

      Just a nitpick:

      If you know the private key it is trivial to calculate the public key, but the reverse isn’t true

      The public key and the private key are just two big prime numbers. The “trivial to compute” part only works once more information has been shared over the network, like it happens during key exchange. If you were to swap the prime number before initiating any contact it would work the same way.

      Edit: I probably confused different encryption concepts

      • RegalPotoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        In RSA, the private key is a pair of big semi-primes, and the public key is derived from those numbers. I think you are confusing DHKE and RSA with your other points, the private key is never transmitted over the network. For TLS you typically use an asymmetric crypto system to validate identities and encrypt the key exchange to prevent person-in-the-middle, but the key that is agreed using that process is a symmetric key for AES or similar, but that is specific to TLS.

        Also, there are other asymmetric systems that don’t use primes at all - eliptic curve crypto is based on completely different math

    • Scubus
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      But how does the encryption work if you have the public key? Since your computer knows how to encrypt the data with the public key, couldn’t you use that same public key to run that algorithm in reverse? If not, since the public and private keys are not the same, how does the private key go about decrypting that data?

      • RegalPotoo@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        The actual math is way beyond me, but the algorithm is “one way” - it exploits the fact that given two prime numbers (ie, the private key) it is trivial to multiply them together, but if you only know the result (ie, the public key) it is computationally very expensive to determine the original prime factors. If you pick big enough numbers, it becomes effectively impossible to undo the multiplication

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        No. The encryption methods are designed in a way that using a public key will not decrypt the message.