
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Intermediate and Advanced SSH
|
129
Public-Key Cryptography
A complete description of public-key cryptography (or PK crypto) is beyond the
scope of this chapter. If you’re completely unfamiliar with PK crypto, I highly recom-
mend the RSA Crypto FAQ (available at http://www.rsasecurity/rsalabs/faq/) or, even
better, Bruce Schneier’s excellent book, Applied Cryptography (Wiley).
For our purposes, it’s enough to say that in a public-key scheme (illustrated in
Figure 4-1), each user has a pair of keys. Your private key is used to sign things digi-
tally and to decrypt things that have been sent to you. Your public key is used by
your correspondents to verify things that have allegedly been signed by you and to
encrypt data that they want only you to be able to decrypt.
Along the bottom of Figure 4-1, we see how two users’ key pairs are used to sign,
encrypt, decrypt, and verify a message sent from one to the other. Note that Bob and
Alice possess copies of each other’s public keys, but both keep their private key secret.
As we can see, the message’s journey includes four different key actions:
1. Bob signs a message using his private key.
2. Bob encrypts it using Alice’s public key. (Aside from the fact that Bob has proba-
bly kept a copy of the original message, he cannot decrypt this message—only ...