I’ve been asked by various people recently about encryption for secure communications. This is a very complex topic involving very advanced principles. Implementing a method to communicate securely over a digital connection (such as e-mail or live chat) can be very difficult for the average user.
Over a series of blog posts, I shall attempt to give a basic introduction (offering a variety of links and videos) to public key cryptography and ways to implement it to achieve relatively secure communications.
Most people tend to do better with videos than with big blocks of text, so I’ll offer here a few videos that help explain the concepts involved. Some of them are old – one specifically is a 5-year-old video, which is still current in its technical details because advances in cryptography come slowly, but all of these videos go a long way in explaining the specific concepts and the basic commands involved in using Public Key Encryption.
You may find yourself watching some of these videos a few times to fully understand the concepts involved. But once understood, the actual mechanics of generating the keys and encrypting the messages in Linux (or Windows) are relatively simple, though unfortunately not quick or convenient. This is why many people don’t bother to use public key encryption: it’s a bit cumbersome to use, but it’s still the best method to secure communications through the Internet.
Here’s the first video which explains the concept of public and private keys:
Understand that in public key cryptography people just freely share their open padlocks (public keys) with each other and populate “bags” or “key rings” full of open padlocks each with the various owners’ name on them, effectively creating an address book full of open padlocks (public keys) that can be used to encrypt messages or files to that specific owner of that freely shared padlock. This address book of open padlocks is what would be used to lock any message to any specific individual using their specific open padlock (public key).
So for example, all Captain Picard has to do in order to send a private message to Commander Riker is to reach into his “bag” and pull out his public “key ring” (which is holding his collection of public keys from all his contacts) and pull off a copy of Commander Riker’s open padlock, or public key (which was sent to Picard publicly by Riker) and use it to lock the message.
Once locked, even Captain Picard cannot open it because it was locked with Commander Riker’s public key (or padlock) — a padlock for which Picard doesn’t have the corresponding private key — only Commander Riker has that key. Commander Riker never shares his private key with anyone – it’s kept safe and never transmitted.
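The padlock exchange described above can be tried out in a few lines of Python. This is an added example, not part of the original post or of GnuPG: it uses textbook RSA with tiny constructed primes and no padding, and the names `make_keypair`, `lock`, `unlock` and `demo` are made up for the illustration.

```python
# Added illustration: textbook RSA with tiny primes and no padding.
# It shows the padlock idea only; real tools such as GnuPG use large keys and padding.
from math import gcd

def make_keypair(p, q, e=17):
    """Build (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    return (n, e), (n, pow(e, -1, phi))  # d is the inverse of e mod phi

def lock(message, public):
    """Encrypt byte by byte with the recipient's open padlock (public key)."""
    n, e = public
    return [pow(b, e, n) for b in message]

def unlock(ciphertext, private):
    """Decrypt with a private key; None means the result is not valid bytes."""
    n, d = private
    values = [pow(c, d, n) for c in ciphertext]
    return bytes(values) if all(v < 256 for v in values) else None

def demo():
    # Constructed sample keys: the primes are arbitrary small values.
    riker_public, riker_private = make_keypair(61, 53)
    _, picard_private = make_keypair(67, 71)
    # Picard's key ring: an address book of other people's open padlocks.
    picard_keyring = {"Riker": riker_public}

    message = b"Away team briefing at 0900"
    locked = lock(message, picard_keyring["Riker"])
    return {
        "locked": locked,
        "picard_opens": unlock(locked, picard_private),  # wrong key
        "riker_opens": unlock(locked, riker_private),    # matching key
    }

if __name__ == "__main__":
    result = demo()
    print("ciphertext starts:", result["locked"][:4])
    print("Picard gets:", result["picard_opens"])
    print("Riker gets: ", result["riker_opens"])
```

Picard, who locked the message, gets nothing readable back with his own private key; only Riker’s private key recovers the text.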
In fact, private keys are actually encrypted themselves (to protect them in case of compromise), but that’s a whole other topic. I mention it just in case anyone is wondering what would happen if the private key were stolen by a break-in or other direct theft of a PC or hard drive on which the private key was stored.
However, if you think your private key has been copied or taken by someone, or if you’ve forgotten the password to access your own private key, you should revoke the key. This depends on the use of Key Servers, though. It’s an advanced topic and likely one that I will not cover here – but you can research the concept of public key revocation if needed.
Below is a second video reiterating the same basic concepts of public/private key cryptography. In this video, the narrator gets into some heavy math. Ultimately, the more important part of the video for the layperson is the analogy of the colors.
Note: At 2min 39 seconds, the narrator says “42 mod 12 is congruent to 10” … he meant to say 46, not 42 … and he says as much in an annotation at the top of the video at 2min 39sec:
This third video is much longer (55mins). It goes over the basic concepts and usage of GPG (GnuPG) and offers an overview of public & private key generation as it happens in Linux. There is a copy available on YouTube, but it’s relatively low resolution and the text on the projector is difficult to read (http://www.youtube.com/watch?v=EWF1DcxvGRw). I have a higher resolution version of the same lecture which I’ve hosted here (below).
The original lecture (in higher resolution OGG video) by Hugo Mills can be downloaded at the Hampshire Linux Users Group website.
A more general introduction to some of the history of encryption and symmetric and asymmetric key encryption (in a more documentary and artistic style) is available here over a series of 8 videos in a YouTube playlist.
In Part 2 I will go over the basic commands (in Linux) to generate a public & private key pair, how to decrypt messages sent to you by others who have used your public key, managing the public keys you’ve received from others and how to encrypt & sign documents to anyone whose public key you have in your possession.