Asymmetric encryption-algorithm

I decided to understand how RSA encryption works.

Here is the algorithm that I got working the first time. I use php and the openssl extension

Data encrypted with a public key can only be decrypted a private key.

  1. The client generates 2 keys public and private.

  2. The client passes the public key to the server. Let's say the POST request is

  3. The server generates a random password. And keeps it somewhere to himself.

  4. The server also encrypts this password with an open key received from the client.

  5. The server sends the encrypted password back to the client.

  6. The client decrypts the received password with its private key. That's it!

We have achieved that on the client and on the server we have the "synchronized" same password, which can then be used for symmetric encryption.

Is this algorithm correct? It is not clear why you need to exchange public keys? After all, in the literature they write about the exchange of public keys. Isn't such an algorithm enough?

Author: Barmaley, 2019-06-01
Source

1 answers

In general, you got the idea right. Only with the keys, it's the opposite. The Public Key should not be passed from the client to the server, but from the server to the client:

  1. To make sure that the public key is actually received from this server, the client receives the key from the server not just in an X. 509 certificate signed by the CA (Certification Authority).

  2. To make sure that the certificate is actually signed by the specified CA, the client decrypts the signature using its existing in the browser or OS of the CA public key.

  3. Based on the server's public key, the client creates a shared (shared) key and stores it.

  4. The client encrypts the created shared key and transmits it to the server in encrypted form.

  5. The server decrypts the encrypted shared key using its private key and thus gets the shared key from itself.

  6. Handshake took place. Next, the client and server having a shared key can exchange symmetrically encrypted data.

                  Client                                  Server
                   | Hello -------------------------> |
Creates Common Key | <-- X.509 with server public key |
                   | Encrypted Common Key ----------> | Decrypts Common Key
        Common Key | <---- Symmetric Encryption ----> | Common Key
 0
Author: pazukdev, 2021-01-27 10:05:13