There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?

  • nomad@infosec.pub
    link
    fedilink
    arrow-up
    11
    ·
    7 months ago

    Great question: it’s called asymmetric cryptography for a reason.

    The key pair is built by the person wanting to receive private messages. The public part is made public an can be used to encrypt messages to the owner of the private key. Without it you cant read the contents.

    As this method is not really performance friendly, thus method is usually used to establish a symmetric encryption key for both parties that can’t be intercepted this way.

    In fact: if the attacker can switch out the public key for his own during transfer, he can use it to decrypt the messages and relay them to the first party, thereby revealing all the messages. This is called a man-in-the-middle attack. This is why authentication of the key is so important. This is usually done via a trusted third party.

    Sorry to be so short, I hope I have given you enough words to Google for further reading.