I don't know shite about:
Public and Private key cryptography
What can we do with them?
With the power of cryptography, you can turn perfectly readable content into incomprehensible garbage. Great for hiding your secret "guilty pleasure" playlist from prying eyes.
Encryption usually incorporates something you want to encrypt. Let's call it a message
and a key
that allows you to lock (or encrypt
) and unlock (or decrypt
) the message
. The last ingredient is an encryption algorithm that uses your key
to turn your message
into something that doesn't resemble the original message
anymore.
But the "one key opens one lock" system only works flawlessly if you don't need to share the key with anyone.
Because then, the question arises: How do you safely transfer the key
to a trusted party? Send them an Email? A carrier pigeon? A letter? None of these options sounds terribly convenient or safe.
This is where public
and private keys
come into play.
TLDR;
Public
and private keys
can be used to hide the content of messages from strangers but expose them to trusted parties. They can also act as a way to verify the integrity of a message
.
Encryption
Imagine instead of 1 key
you know have 2 keys
.
Your private key is your own little secret You never share it with anyone
Your public key on the other hand should be openly shared.
Those 2 keys
are created from the same function and are inherently connected. You can encrypt messages with your private key
and decrypt them with your public key
.
But wait? If everyone has your public key
, anyone can decrypt your messages. This doesn't sound secure at all. But stick with me.
One can also encrypt a message
with your public key
and decrypt it with the matching private key
.
It starts to make more sense if we introduce a second pair of keys for your friend. An example will shed light on this.
You want to send your "guilty pleasure playlist" to your friend Mathilda, but you are concerned by the thought that someone could read the playlist's content while it's being transmitted. To protect the message
, you encrypt it with your friends public key
. Now the message
can only be decrypted with her private key
. So only she can read it. Profit!
Interactive node.js message encryption
Verify message integrity
There is only one problem with this example. If someone interferes with the transmission between you and Mathilda, they can create a new message
with Mathilda's public key
and pretend it is coming from you. What if they add your least favourite song to the playlist? Mathilda will never talk to you again if she finds out you listen to Wham!(I hope you your friends aren't that judgemental)
But fortunately, your keys can also help you with this challenge.
You remember you're the only person with your private key
? We can use this to our advantage and encrypt your playlist with your private key
. This won't prevent anyone from reading it. But Mathilda can now be sure the message
is coming from you because she can decrypt it with your public key
. If this is not possible anymore, the message
has been tampered with.
Interactive node.js message verification
There is also a way to combine those two methods to protect the message
from prying eyes and verify message
integrity. But this a story for another post in the future.