|
|
On 05/05/2011 05:37 PM, Warp wrote:
> Invisible<voi### [at] devnull> wrote:
>> A company that requires you to send files to them electronically using
>> SFTP, requires that it uses public key authentication, and emails you
>> the private key that you're supposed to use, unencrypted.
>
> I thought the private key can only be used to decrypt, not to encrypt.
An asymmetric encryption algorithm has an encryption key and a seperate
(but related) decryption key. Which one is the "public" key depends on
which one you make public.
If you make the encryption part public, then people can use it to
encrypt stuff and send it to you securely. If you make the decryption
part public, you can use it to sign stuff which other people can verify.
[In some algorithms, either key can be used for encryption, obviously
with the other key becoming the decryption key. For other algorithms,
the two keys are not equal and only one can be used for encryption or
decryption. But that doesn't really alter the point above.]
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|