19

I have a follow up question to Given a private key, is it possible to derive it’s public key?

Are the public and the private keys the 'same' (in the sense that you just choose to make one public) or can you do more with the private key than with the public key?

EDIT - to better state my question:

When the two keys are generated, could I just randomly choose one of them to be the public key?

Community
  • 1
  • 1
laktak
  • 57,064
  • 17
  • 134
  • 164
  • I *think* this depends heavily on the encryption algorithm used. In some they are interchangeable, in others they aren't. This is related to this question: http://stackoverflow.com/questions/696472/given-a-private-key-is-it-possible-to-derive-its-public-key – Joachim Sauer Mar 30 '09 at 09:42
  • 2
    +1 for asking something I'd been wondering about for a while. – David Thornley Mar 30 '09 at 16:09
  • Related to http://security.stackexchange.com/questions/52495/can-rsa-keys-be-swapped for RSA. – Gnubie Feb 16 '16 at 23:29

4 Answers4

14

Some paper descriptions present roles of public and private keys as quite symmetrical but you definitely can't swap roles of private and public key in real world.

Common usage:

  • the public key must be used for encryption and verifying signature
  • the private key must be used for decryption and signing

There is several reasons for that:

  • you don't want to leave a choice to the user as to which key should be published and which not. The public key is published worldwide and you can consider it as your public identity. The private part is needed when you have to prove to someone else that you have more insight than others about this identity: you can read messages sent to it, you are able to sign messages that can be verifyed by anyone who knows your public id. If what part of public/private key to publish were left to the user you'll end end with users publishing both. But that's not the main reason.

  • when you have private keys, you really have both keys every common implementation I know offer tools to extract public keys from private files. That's true for pgp, gpg, openssl. It means so called private key files store both private and public keys as described in algorithms. That's by design.

For exemple with openssl the sequence of commands to generate a RSA key pair can be:

openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key

It should be clear enough that the first command generate both keys in the private key file and that the public key is merely extracted from it.

The consequence is that if your private key is ever compromized, both your keys would be compromized. The other way around is secure, you can't deduce the private key if you know the public key neither from the file nor from a mathematical attack.

  • encryption with private key is mathematically weak: well, the previous point is already enough, but some devious users could be considering using asymmetric cryptography keeping both keys hidden for exchanging data. Don't, use symmetric ciphering if you want to do that kind of exchanges. Yes it is possible to crypt a message using private key and decrypt it using public one (that's basically what is used for signing, but the use case is different as you also have initial message). Internal parameters of the two keys are not the sames and all the strongness of cryptography has been prooved only for the usual direction and common usage.
kriss
  • 23,497
  • 17
  • 97
  • 116
11

It really depends on what you call "private key." In almost every practical sitation, the sender knowing the private key also knows the public key. It provides others with its public key so it needs to know it. So in essence, that "private key" will contain "public key" information or at least it can be derived from it.

Generally, you cannot swap private and public keys. In fact, they are not always of the same type (depending on the cryptosystem used). For instance, in ECDSA, your public key is a two-dimensional "point" on an elliptic curve, whereas your private key is a number.

Mehrdad Afshari
  • 414,610
  • 91
  • 852
  • 789
  • 4
    In RSA, as the public key is calculated from the private key, switching them means your formerly private key is now the public key, and anybody could quite easily generate the formerly public key which you now use as your private key. Switching public/private keys in RSA makes RSA unsafe. – Martijn Jan 25 '13 at 14:33
2

From http://www.webopedia.com/TERM/P/public_key_cryptography.html:

A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.

An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

TheTXI
  • 37,429
  • 10
  • 86
  • 110
2

No. That is the idea of generating a pair of keys in PPK world. You typically encrypt with the public key and decrypt with the private key. So you'd share the public key with your friends and ask them to use it when they send you their bank account number.

dirkgently
  • 108,024
  • 16
  • 131
  • 187