this post was submitted on 15 Aug 2023
31 points (100.0% liked)
Explain Like I'm Five
14270 readers
8 users here now
Simplifying Complexity, One Answer at a Time!
Rules
- Be respectful and inclusive.
- No harassment, hate speech, or trolling.
- Engage in constructive discussions.
- Share relevant content.
- Follow guidelines and moderators' instructions.
- Use appropriate language and tone.
- Report violations.
- Foster a continuous learning environment.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
With asymmetric encryption there are 2 keys - 1 is public (= everyone can look it up) and 1 is private (only the receiver has that key). Those are mathematically related.
When I send a message, I use the receivers Public key to encrypt the message - so that message is only decryptable with the private key, so the recipient alone can decrypt it.
How is the recipient the only one with a private key? If the key is sent with the message, then how does it determine the recipient? Couldn't someone spoof the recipient's credentials? What credentials are used to determine the proper recipient?
The private key never leaves the one it belongs to - if it does, then the encryption isn‘t secure anymore. If keys are sent, then the public ones, which are ‚public‘ (e.g. let me send you my public key, so you can send encrypted messages to me).
When you create a key pair, you get which the private and which the public one is. Keep your private key, private and you‘re the only holdener.
For advanced security, the messages (e.g. E-Mails) are secured on top with TLS, which encrypts the message on its way. If there‘s a man-in-the-middle attack, he would just see the encrypted message with no key to decrypt it.