tags:

views:

2144

answers:

5

Hi,

In AES encryption (.net framework), how are the public and private keys used?

Are the public and private keys combined to form a full key, and then the algorithm uses the public + private key to encrypt the data?

(simplified keys used below for example purposes)

e.g. public key = 12345 private key = 67890

so the key used when generating the encryption result is: 1234567890

+6  A: 

AES is a symmetric algorithm, so it does not have public and private keys - only a shared secret.

Martin v. Löwis
+1  A: 

Pubic and private keys are used in asymmetric cryptography. Something encrypted with the private key may be decrypted with the public key and vise versa. There is no concatenation of the keys and it is not mathematically feasible to derive the private key from the public key.

Brawndo
what's the point of having a public and private key then if both can decrypt others? Why not both have the same key?
See RoadWarrior's response for the correct description of public and private key use
TrickyNixon
+11  A: 

As others have said, AES is a symmetric algorithm (private-key cryptography). This involves a single key which is a shared secret between the sender and recipient. An analogy is a locked mailbox without a mail slot. Anybody who wants to leave or read a message needs to have a key to the mailbox.

If you really want to know the gory details of AES, there's a superb cartoon to guide you along the way.

Public-key cryptography involves two related keys for each recipient involved - a private key which is a secret known only by the recipient, and a related public key which is known by all senders.

The sender encrypts the message using the recipient's public key. That message can only be decrypted by a recipient with a private key matching the public key.

An analogy for public-key encryption is a locked mailbox with a mail slot. The mail slot is exposed and accessible to the public. Its location (the street address) is the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. But only the person who possesses the key can open the mailbox and read the message.

RoadWarrior
A: 

A public key is linked to a private key. The public key (RSA) is distributed to the 'wild' and anyone who wants to send an encrypted file (generically speaking here), they will request the public key and encode against it. The cypertext is unreadable to anyone who gains access to the file, even if they have the public key.

The private key is needed to decode the file. As long as the private key is kept private, it is statically improbable that anyone will guess or hack the the key. Improbable, not impossible.

The real issue is keeping the private key private. Most cracks are done with social hacking. Extortion, loggers and monkey-in-the-middle public key conversion are other ways more probable than brute forcing the password or key.

In your comment to Brawndo you asked

what's the point of having a public and private key then if both can decrypt others? Why not both have the same key?

What you are describing is Symmetric-key algorithms, which AES is one. The reason for public-private keys are that with Symmetric-key algorithms how do you pass a Symmetric key over unsecured networks, mail, phone or what not without the key being intercepted. Perhaps encrypting the key, but then how do you pass that key? With a public-private key combo, that becomes LESS relevant.

"In most cases, there's a greater probability that the sun will burn out before all the computers in the world could factor in all of the information needed to brute force a 256-bit key," said Jon Hansen, vice president of marketing for AccessData Corp, the Lindon, Utah, company that built the software that powers DNA.

WolfmanDragon
A: 

I do not know how the .net framework specifically works (the question should probably have been tagged .net) but by your question it sounds like it implements public/private key crypto, just using AES for its symmetric component.

The usual mode of doing public key encryption is to

  • Generate a symmetric key
  • Encrypt the data with this key, using a symmetric algorithm like AES.
  • Encrypt the symmetric key with the public key, using a asymmetric algo like RSA.
  • Bundle the encrypted sym key with the encrypted data

The reason symmetric algos are preferred for the data itself is that asymmetric ones are very slow.

Given that they couldn't test security (all they really had was the absense of breaks, for several og the candidates), the reason for choosing Rijndael for AES was (mostly) performance related.

MaHuJa