Agreed. I was thinking in terms of the TLS exchange during which the client 
uses the public key to send a symmetric key to the server.

I should have read the text further and more literally. Sorry about the 
confusion.

Nicolas Therrien ing.
Senior Software Engineer

Airbus DS Communications
home of VESTA®
200 Boul. de la Technologie, Suite 300
Gatineau, QC J8Z 3H6
Canada
819.931.2139  (DIRECT)
www.Airbus-DSComm.com




-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Monday, December 4, 2017 2:58 PM
To: users@tomcat.apache.org
Subject: Re: Trying to understand How Tomcat uses Keystore for SSL

On 04/12/17 19:20, Nicolas Therrien wrote:
> " Asymmetric encryption uses a public and a 
>> private encryption key.  The public key, which as its name states, is 
>> public, i.e. it is available to all. The private key is and must be 
>> closely guarded.  A message encrypted with the private key can be 
>> decrypted by the public key and vice versa."
> 
> This is not true.

Yes, it is true.

> 
> The principle of asymmetric encryption is based on the fact that this is a 
> one-way communication channel.  Only the public key can encrypt data, and 
> only the private key can decrypt data.

The above statement is incorrect.

> This is not reversible. The private key cannot be used to encrypt and the 
> public key cannot be used to decrypt.

So is the statement above.

> This is why it is called asymmetric, as opposed to symmetric where both ends 
> can both encrypt and decrypt.

Again, no.

It is called asymmetric because whichever key you use to encrypt, you
must use the other key to decrypt.

In symmetric encryption there is a single key that encrypts and decrypts.

As an aside, encrypting with the private key and decrypting with the
public key is a key element of how digital signatures work.

I recommend viewing the "Introduction to Tomcat and TLS" presentation
from this page:
http://tomcat.apache.org/presentations.html

It is a little simplistic, but it covers the basics.

Mark
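
Added example (not part of the original thread or of Tomcat): textbook RSA with a constructed toy key, showing the point in the reply above that whichever key is applied first, only the other key reverses it, and that the private-then-public direction is what signature verification relies on. The tiny primes, the lack of padding, and the names `rsa_apply`, `roundtrips`, `sign` and `verify` are assumptions made for illustration.

```python
import hashlib

# Constructed toy key: textbook-sized primes, no padding (illustration only).
P, Q = 61, 53
N = P * Q                    # public modulus (3233)
E = 17                       # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (2753)


def rsa_apply(value: int, exponent: int) -> int:
    """Raw RSA: the same modular exponentiation, whichever key is used."""
    if not 0 <= value < N:
        raise ValueError("value must be in the range [0, N)")
    return pow(value, exponent, N)


def roundtrips(message: int) -> dict:
    """Apply one key, then try to reverse the result with each key."""
    with_public = rsa_apply(message, E)
    with_private = rsa_apply(message, D)
    return {
        "public_then_private": rsa_apply(with_public, D),
        "private_then_public": rsa_apply(with_private, E),
        "public_then_public": rsa_apply(with_public, E),
        "private_then_private": rsa_apply(with_private, D),
    }


def _digest(message: bytes) -> int:
    # Reduce the SHA-256 digest into [0, N) so the toy modulus can carry it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signing: apply the private key to the message digest."""
    return rsa_apply(_digest(message), D)


def verify(message: bytes, signature: int) -> bool:
    """Verification: apply the public key and compare with the digest."""
    return rsa_apply(signature, E) == _digest(message)


if __name__ == "__main__":
    print(roundtrips(65))
    sig = sign(b"constructed sample message")
    print(verify(b"constructed sample message", sig))
```
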
