On Thu, May 04, 2006 at 07:16:05PM -0500, Grant Thomas wrote:
> Thanks for the explanations, they are rather more in-depth than I was
> expecting for an idle curiosity.
>
> Thanks for the verbosity and the need for clarification, they are
> always appreciated. As with many things, it is better to cut too long
> and adjust than to start short and really mess up.
>
> I did figure that the access control wasn't built into the scheme and
> would take an external ACL implementation to do something like this.
>
> In retrospect, I probably did have a slightly distorted impression of
> PKI, but the core I did understand.
> To all, thanks for the responses, they were greatly interesting.
>
> So, one final question:
> I would like to know more about encryption, the underlying
> infrastructures, etc. What would be, in the list's recommendation, a
> good place to start?
>
> Thanks for any help again,

I wasn't sure of the sense of your original question, but if your
reference to PKI was in relation to encryption for privacy (vs
authentication) and access to the same encrypted material using more
than one key - then yes, that can be and is routinely done.

For example, I use the 'EncryptToSelf' option for PGP:

    If on, automatically encrypts all messages to your default key, as
    well as to the intended recipient.

to add my personal key as 'master key' to any messages I encrypt to send
to others.

I don't know of any ciphers that inherently support multiple keys. I
doubt that it is possible to do without weakening the cipher.

The main thing to be aware of is that public key cryptosystems are those
for which the ability to encode and the ability to decode are separate -
and this functionality provides solutions both for the authentication
problem as well as the 'shared key' problem for secure communication
between people that do not have a secure communications link.

However the public key systems are normally computationally expensive,
so what is normally done when encrypting data is to generate a random
key and encrypt the data with a symmetric key algorithm, and then the
randomly generated key is encrypted using the PK algorithm and appended
to it. If you want multiple keys to be able to decrypt the data, then
you encrypt the original key with each of the desired public keys and
append them all - which is what PGP does.

If you want to get experience with public key systems, both for privacy
and authentication (digital signatures), install and experiment with
PGP/GPG. There is plenty of good documentation which will help you
understand how it all works.

If you want to understand how all the algorithms work, then "Applied
Cryptography" by Schneier is probably one of the best references I have
found. For a more readable popular account, try Simon Singh's book.

Regards,
DigbyT
-- 
Digby R. S. Tarvin  digbyt(at)digbyt.com
http://www.digbyt.com
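
Added example, not part of the original message: a Python sketch of the scheme the reply describes, where the data is encrypted once under a random session key and that key is then wrapped separately for each public key. Textbook RSA over known Mersenne primes and a SHA-256 keystream are stand-ins chosen so it runs with the standard library alone; they are assumptions of this example, not PGP's algorithms and not secure, and all names are hypothetical.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by all toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes: illustration only, not secure."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _keystream_xor(key, nonce, data):
    # SHA-256 in counter mode standing in for the symmetric cipher.
    out = bytearray()
    for ctr in range(len(data) // 32 + 1):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def _subkeys(session):
    # Separate encryption and MAC keys derived from the one session key.
    return (hashlib.sha256(b"enc" + session).digest(),
            hashlib.sha256(b"mac" + session).digest())

def encrypt(plaintext, recipients):
    """recipients maps name -> public modulus n. The body is encrypted once."""
    session = secrets.token_bytes(32)  # random per-message key
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(session)
    body = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    m = int.from_bytes(session, "big")
    # One wrapped copy of the same session key per public key.
    wrapped = {name: pow(m, E, n) for name, n in recipients.items()}
    return {"nonce": nonce, "body": body, "tag": tag, "wrapped": wrapped}

def decrypt(msg, slot, private):
    """Unwrap the session key stored under `slot` with `private`, then decrypt."""
    n = private["n"]
    s = pow(msg["wrapped"][slot], private["d"], n)
    session = s.to_bytes((n.bit_length() + 7) // 8, "big")[-32:]
    enc_key, mac_key = _subkeys(session)
    expect = hmac.new(mac_key, msg["nonce"] + msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, msg["tag"]):
        raise ValueError("wrong key or tampered message")
    return _keystream_xor(enc_key, msg["nonce"], msg["body"])

# Constructed keys built from Mersenne primes so the example runs offline.
SENDER = toy_keypair(2**127 - 1, 2**521 - 1)
RECIPIENT = toy_keypair(2**107 - 1, 2**607 - 1)
OUTSIDER = toy_keypair(2**89 - 1, 2**1279 - 1)
```

Passing both the sender's and the recipient's moduli to `encrypt` mirrors the 'EncryptToSelf' behaviour: either private key recovers the plaintext, while a key that was not on the recipient list fails the integrity check.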