Monday, May 13, 2002 02:57 PM
the Key is not same as the key used to encrypt
Ah, congratulations, you have independently discovered the "key distribution" problem in crypto, as Diffie & Hellmann (?) first categorized it.
Either the secret encrypt/decrypt key must be shared somehow in advance (symmetric, like in DES), so the encrypting and decrypting parties both know it, or else you must use an asymmetric public/private key scheme first, to distribute and share the symmetric (DES) key, which will be used subsequently.
Diffie & Hellmann's advance was the notion of the public/private key pair & algorithm, which could be used as a way to distribute the symmetric (DES) key, safely & securely, without an infinite regress, of requiring further shared secrets beforehand.
It's too computationally expensive usually, to use the public/private key pair for the entire encrypted session, so it's usually used just to distribute the symmetric (DES) key, which can be used for faster encrypt/decrypt operations, once it's shared successfully by both parties.
That is how PGP etc. work -- you encrypt your chosen/generated private secret symmetric (DES) key, using only my public key. You send it to me, and I decrypt it using my private key. Now I have the same private secret symmetric (DES) key, and we can use it from then on, to encrypt and decrypt our further conversation.