Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesThe Wrong Key

May 1997 / Inbox / The Wrong Key

In your discussion of encrypting and decrypting messages (see the sidebar "Security: Who's Got the Key?" in the February cover story), author Michael Nadeau states that "the private key encodes the message, and the public key decodes it." This is correct for digital signatures but not for secure e-mail. In secure e-mail, you use the recipient's public key to encode the message; the recipient uses his private key to decrypt it. The problem is not "how to make those keys available to only the people you want using them." The public key should be accessible to everyone! To read the message, the recipient uses something that only the recipient has: the private key. At no time is there a need for secure channels to transmit information to anyone in the transaction.

Note that an e-mail message sent to many users cannot be bulk-distributed as in a nonencrypted scheme. The messa ge must be individually encrypted using each recipient's public key. This does increase traffic, but there is no known way around it that doesn't require a secure channel for key dissemination, short of creating public/private key pairs for eve ry conceivable combination of recipients needed. This still requires that private keys be distributed to several people, opening up the possibility of compromised communications.

Thomas Paul Karrmann
tkarrman@giddings.com

You are correct. I confused the terminology. The point I was trying to make was that most companies don't want the public keys to be truly public. To make an analogy between public keys and phone numbers, most individuals don't mind that their phone numbers are published, but few companies make their internal phone lists public. They don't want unsolicited traffic on the network. Your point about bulk mailing and encryption is an important one. While it may be pos sible to create "group-level" sets of keys, it is often too cumbersome to be practical. -- Michael Nadeau

Up to the Inbox section contentsGo to previous article: Taking SidesGo to next article: Bus No BottleneckSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network