What's private isn't public
Gadgets Authentication Crypto ENV HTTP Regex Regex 2 Robots Snarfs SSL Stepper	First, a word about public/private key cryptography. If you wanted a script to encrypt a message, you could build an encryption algorithm into it that would obfuscate the message each time it ran. But anyone could determine how to decrypt the message just by looking at the source code of a script. Disassembly of a compiled program would be only a little more difficult. Alternatively, you could use a "secret" key, or rather large number, to feed to any of several well-known algorithms to use in scrambling the bits. But how would you keep the "secret" key secret? It would have to be always available on the server, with no real way to hide it. It's problems like these that public key encryption is so good at solving. The principle of using two separate keys for encrypting and decrypting data was first written about by Whitfield Diffie and Martin Hellman of Stanford University in 1976. It works like this: The two keys are generated simultaneously by rather involved mathematical formulae. One key, the public key, will be used to encrypt the data. But the public key cannot decrypt the data, even though it was used to encrypt it. Only the private key can decrypt what the public key encrypted. This makes it mostly safe to leave the public key lying around wherever. In fact, the idea in PGP is to publish your public key freely to anyone who wants to send you mail. The private key, however, must be guarded securely. Both PGP and GnuPG allow you to add password protection to the private key, but it's also a good idea to keep the key in a secure place, say on a floppy disk. But don't lose it. Once lost, all data encrypted with its public-key twin will be lost forever. << Back  Next >>
	Home | Gadgets | Code | Links | Reads | Contact Copyright © 1999, 2001, 2002 by John H. Byrd All rights reserved.