
Adding some comments to async crypto.

augustl committed Jun 29, 2012
1 parent 782fd4c commit 1c9334c0012f0e81b462f457a29691e19a55443b
Showing with 24 additions and 2 deletions.
  1. +24 −2 encryption_asymmetric.rb
@@ -10,7 +10,7 @@
keypair = OpenSSL::PKey::RSA.new(2048)
pub_key = keypair.public_key
-# You can encrypt with the private key and decrypt with the public key
+# You can encrypt with the private key and decrypt with the public key.
encrypted = keypair.private_encrypt(data)
p encrypted
# => ...some unreadable binary stuff...
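Review bot: the reworded comment on the `+` line still describes `private_encrypt` as encryption, but the operation gives no confidentiality: anyone holding `pub_key` can recover `data` with `public_decrypt`, so what it provides is origin authentication (it is the raw signing primitive). Suggest rewording along the lines of `# "Encrypting" with the private key is really signing: the output is readable by anyone with the public key, so it proves origin, not secrecy.` so readers do not pick this branch when they need to hide data.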
@@ -19,11 +19,33 @@
p decrypted
# => "Some private data is here."
-# And vice versa
+# If you send someone your public key, and you send them data that is encrypted
+# with your private key, the receiver can use this to verify that the message came
+# from you, since only the owner of the private key is able to encrypt data
+# so that it is decryptable with the public key.
+#
+# This is a common way of signing data for identity. For example, an SSL certificate
+# contains a signature, which is a hash of the contents of the certificate (up until
+# the bundled signature), encrypted with the private key of the issuer. Others can
+# then perform the same hashing of the contents of the certificate, and decrypt
+# the certificates bundled signature with the public key of the issuer. If the
+# signatures match, we're cryptographically certain that the certificate was
+# unaltered (or the hash would change) and that it was not issued by a man in
+# the middle (or the signature would be different).
+
+# You can also do encryption the other way - encrypt with the public key and
+# decrypt with the private key.
encrypted = pub_key.public_encrypt(data)
p encrypted
# => ...some unreadable binary stuff...
decrypted = keypair.private_decrypt(encrypted)
p decrypted
# => "Some private data is here."
+
+# This method is useful for transmitting data securely. Data that is encrypted
+# with the public key can only be decrypted with the private key. The public
+# key can not be used to decrypt. This has no practical drawbacks for the
+# party that performs the encryption, since that party also have access to
+# the original data. But when the encrypted data is in transport, nobody else
+# can decrypt the data but the owner of the private key.
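Review bot: the certificate explanation (from `# signatures match, we're cryptographically certain` through `# the middle (or the signature would be different).`) overstates what the check proves. Verifying with the issuer's public key only shows that the holder of that key signed the certificate; the guarantee against a man in the middle holds only if the verifier already trusts the issuer's key (a trust store or a chain to a trusted root), otherwise an attacker can present a certificate signed with a key of their own. Suggest adding a sentence that the issuer's public key must itself be trusted in advance. Two smaller points: `the certificates bundled signature` should read `the certificate's bundled signature`, and `that party also have access` should read `also has access`. For the confidentiality paragraph, it is worth noting that `pub_key.public_encrypt(data)` only works for messages shorter than the modulus (a few hundred bytes with the 2048-bit key above) and defaults to PKCS#1 v1.5 padding; in practice RSA is used to wrap a random symmetric key (hybrid encryption), and OAEP padding (`OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING`) is the safer choice.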
