Perspectives
A Puzzle for New Cryptography Students
Tuesday, June 30th, 2009
Brian Tokuyoshi – Product Marketing Manager
When people new to cryptography first start to learn about public keys, they start with the basics, usually involving a person named Alice and a person named Bob. One maxim that they learn is that a message encrypted by one’s public key could only be decrypted with the corresponding private key. (I get a little tired of reading about analogies with Alice and Bob, so I’m going to use different names. Let’s go with Angelina and Brad). If Angelina wants to send Brad a private message, she uses a copy of his public key to encrypt the message. Brad, the recipient, uses his private key to access the message. That portion of public key cryptography is easily understood.
Now let’s take an example using encrypted email, which often has more than one recipient. If Angelina sends an encrypted email to two people, and uses the public key for each person, shouldn’t there be two encrypted copies of the message? Let’s say that Angelina sends Brad and another person (let’s call her Jennifer) an encrypted email. Shouldn’t it be twice as big as a message that she sends to Brad alone? We know that the owner of the private key is the sole person who can decrypt a message encrypted to that person’s public key. So here’s the paradox: How come a 1 megabyte message emailed to 20 people doesn’t end up being 20 megabytes in size (one megabyte per person)?
Here’s the secret sauce – asymmetric cryptography isn’t being used to encrypt the message. It’s only used to encrypt the key that encrypts the message. There is an additional encryption key (called the session key) used during the process to encrypt the email.
When Angelina encrypts the email, she makes up a session key (well, technically it’s PGP Desktop that generates the key) and encrypts the message with it. She’s the only one that knows this encryption key at this point. She needs to share this key with Brad and Jennifer in order to let them decrypt the message.
So Angelina then uses Brad and Jennifer’s respective public key to encrypt the session key used to encrypt the message. The email increases in size only by a small amount, because it only grows the size of the encrypted session key, not the size of the encrypted message. In short, the actually email contains the message encrypted with session key, together with an encrypted copy of the key for Brad, along with an encrypted key for Jennifer. This method uses asymmetric cryptography to exchange the keys from sender to recipient, and uses symmetric cryptography to encrypt the message itself.
Now that you know how encrypted email works, can you guess how SSL/TLS uses only one public key to secure web traffic? The web server has an SSL certificate, but the user usually doesn’t have their own key, so how does that work? Give it some thought and we’ll provide you with the answer in an upcoming edition of PGP Perspectives.