Boofo wrote:One last question... do you HAVE to have a private key to go with the public key or could you just go with a public key for a user?
The short answer is, you need both a private key and a public key.
You know, I'd read so much confusing information on public key encryption that when I finally understood it, I was amazed how simple it really is. A question related to your question that I often see is this: If I accept a public key from a web site, how do I know it's really from that web site? To address your question about whether a private key is really needed, and to address the question I pose, I'm going to give you a blow by blow example that I hope will nail it.
You (
TheClient) remotely log into a server (
TheServer) that you know should be holding your public key. You create a secret message, use your private key to encrypt it, and send it to the server that purports to be
TheServer.
The server gets the message purported to be from
TheClient, decrypts it with TheClient's public key (which it has), uses its own private key to encrypt it again, and sends it back to you.
You get the message purported to be from
TheServer, decrypt it with TheServer's public key (which you have), and see that the message matches the original secret message. At that point, you know that the server you are logging into
must have TheServer's private key (and therefore you assume that the server is
TheServer).
The process is repeated in the opposite direction (server to client back to server). At that point, the server knows that the client that is logging in
must have TheClient's private key (and therefore the server assumes that the client is
TheClient).
So, what is the secret message? It's a random number. What is the chance that a bogus server that purports to be
TheServer can produce the correct encryption without having TheServer's real private key? That depends upon the length of the key.
I hope you now see 1, why both partners need both a public key (to exchange) and a private key (to perform checks), and 2, why it is important to safeguard your private key.
Okay, now to the question of trusting that a public key that you get from
TheServer is really from the server you think it is.
The first scenario is: Your friend personally gives you a print out of his/her public key. You take it and transcribe it into your key ring. You can have absolute trust in it because 1, you got it directly from your friend, and 2, you know that your friend safeguards his/her private key.
The second scenario is: You are emailed a public key by a company you do business with. When you put the key into your key ring, you get an MD5 hash of the key. You call a phone number that you
know belongs to the company and read the MD5 to them. They confirm that the MD5 is correct.
Edit (Sep 27, 2009): The next paragraph is wrong. It is based on SSL/TLS (which I studied long ago), not SSH (which is new to me). It dangerously misleads the reader regarding 1, connecting to a particular SSH server for the first time, and 2, the identity of the entity that approves the server's credentials when making said connection (specifically, there is no CA in SSH). I apologize to anyone mislead by my error and will post a correction in the near future together with links to more verbose presentations.
The third scenario is: You receive a public key from a company's web site. The key has been signed by a certifying authority (CA) that you trust. You check with that authority over the net and receive confirmation that the key is genuine.
That's it! Ciao -- Mark
Hi Christian! Delighted customer since 1999. License #37627