Authentication in Pretty Good Privacy Confusions

  • MHB
  • Thread starter shivajikobardan
  • Start date
In summary: Using the receiver's private key for encryption would not provide any assurance of the source's authenticity, as anyone with the public key could then decrypt it. Similarly, using the receiver's public key for decryption would not provide any assurance of data integrity, as the public key can be accessed by anyone. Therefore, using the sender's private key for encryption and the sender's public key for decryption is the most secure and reliable method for authentication and maintaining data integrity. In summary, the sender's private key is used for encryption to ensure the source's authenticity, while the sender's public key is used for decryption to ensure data integrity.
  • #1
shivajikobardan
674
54
We want authentication ie
-> the source written in the received message should be the actual real source that sent the message.
->information should not be altered in the way (data integrity)

So to support this, book does this.
https://lh5.googleusercontent.com/O0EPmTw0NjpSQweCekoY_JY78p5WXbMFthmz5KAW1emOyyqF-HxZJpKNUPYvU6JZxNxLU_Lo3YG8oE6J9GjOEebIb2dwegOgIxiQVaYjIaN5d3MYRBjhyR3e2rxteM3r3CztTNZlxnITByE3Dw
https://lh4.googleusercontent.com/5fvGRRH0rOyoNJRz7Rg9ShGZG78eb-7x-oLupDCfEZIToqZJ5OmEMt7ETMXRvWnqsBeabTIYMwIhx2Ag2kgU59JwhWMp2KRPFKIDhBNOCoJGiz9PmgWExZePj9txg29Csx-J3Wb4N_0WGFI2_w
But I can’t realize how it is helping authentication? How do we know the source in the received message is actual source? (You might say by comparing the received hash and computed hash of received email message) but that I can’t feel it how.

Leaving PGP aside, What is the best way in real life to know that the message is sent to me by someone whom I know? Maybe if we have some well established secret code between us.

authentication means-:

1) when information is received from a source, authentication means that source is indeed as alleged in the information.
2) information was not altered along the way. this authentication is also referred to as maintaining data integrity.

RSA at sender-:
with sender's private key

My genuine questions(I am aware about symmetric and assymetric encryption-here the text explicity said public key for encryption and private key for decryption. Any scientific reason behind that)

{ Why not use sender's public key here?
Why not use receiver's private key here?
Why not use receiver's public key here?
}

RSA at receiver-:
with sender's public key.{ Why not use sender's private key here?
Why not use receiver's private key here?
Why not use receiver's public key here?
}
 
Technology news on Phys.org
  • #2
The reason why sender uses their private key for encryption and receiver uses the sender's public key for decryption is because of the nature of the keys. A private key is intended to be kept secret, while a public key can be shared freely. The private key is used to encrypt the message, ensuring that only the holder of the corresponding public key can decrypt it. The public key is used to decrypt the message, ensuring that it was encrypted by the holder of the corresponding private key. This ensures that the source of the message is indeed the alleged sender, as only they could have encrypted it with their private key.
 

FAQ: Authentication in Pretty Good Privacy Confusions

What is Pretty Good Privacy (PGP) Confusions?

Pretty Good Privacy Confusions is a type of authentication method used to secure electronic communication by encrypting and decrypting messages.

How does PGP Confusions work?

PGP Confusions uses a combination of public and private key encryption to verify the identity of the sender and ensure the confidentiality of the message.

Is PGP Confusions secure?

PGP Confusions is considered to be a highly secure method of authentication, as it uses strong encryption algorithms and is constantly updated to protect against potential vulnerabilities.

Can PGP Confusions be used for both emails and other forms of communication?

Yes, PGP Confusions can be used for any type of electronic communication, including emails, instant messaging, and file transfers.

How do I set up PGP Confusions for my communication?

To use PGP Confusions, you will need to generate a public and private key pair, which can be done using PGP software. You will then need to share your public key with the intended recipient to establish a secure channel for communication.

Similar threads

Replies
1
Views
677
Replies
8
Views
1K
Replies
1
Views
1K
Replies
14
Views
2K
Replies
4
Views
1K
Replies
2
Views
856
Replies
15
Views
3K
Replies
2
Views
1K
Back
Top