If yes then they are really not a pair.
I was trying to figure out how ssh git#github.com resolves my name using my private key. SSH debug suggests public key is passed to server.
Yes, it is possible.
Sidebar: I'm not sure what you mean by, "they are really not a pair". A pair is when you have two things. A public key and a private key are two things, ergo, you have a pair. The fact that you can derive one from the other is immaterial.
I don't know how github does this, but my guess is simply that they use the public key to identify your account (your public key is unique, pretty much by definition).
I hope this answers your question. I have a feeling I'm not quite getting it.
No, it's not possible.
Neither private key, nor public key cannot be produced form the other one. Remember, private key is the same as public key by design and we call them public or private optionally (keeping one of them private and reveal the other).
Related
my old laptop suddenly died and I need to recover my private/pub keys.
I manage to recover the files from the HD but I have around 400 private keys.
I know tho, my public key.
Is it possible to figured out which one is the right private key associated to that specific public key, looking among a set of 400 keys?
Any tips is very welcome!
We are running a project which contains some maps.
We have this under the node:
root.maps //object
It is a list of maps, in case some are private and some are public. Which is under the node:
root.maps.$mapId.config.isPrivate //boolean
root.maps.$mapId.config.uid //string
Now we have a problem. We listen on the maps node for changes, but we want only to return the public nodes, and the private nodes of the user.
So we added rules but it does not seem to work. The maps are either all displayed or none. When we try to set a restriction on a map itself it does not work.
Now after some searching on the internet we read that in order to manage the security rules well the private and public maps should be moved to private or public nodes.
So like this
root.maps.private.$mapId.uid
root.maps.public.$mapId.uid
Which I can't believe is true. In order to change this boolean value, we have to move the complete node from the public to the private node.
Is this really how this database should work? It does not sound logical at all to me.
Is there any other way on how to filter this data based on rules (maps should not be known to the client, client side filtering is not an option)
And if the really strange case of moving complete nodes based on changing boolean values is really true.
What is the idea behind it? This can't be true right?
In RSA,
I understand that if a data is encrypted using public key, corresponding private key can be used to decrypt it and vice versa. But :
Data encrypted using public key can be decrypted using same public key?
Data encrypted using private key can be decrypted using same private key?
This property is same for other public key algorithms too?
Data encrypted using public key can be decrypted using same public key?
No. That would defeat the purpose, because everyone knows the public key.
Data encrypted using private key can be decrypted using same private key?
No. That would defeat the purpose, because then you cannot send anyone an encrypted message (without knowing their private key, which by definition you don't).
Symmetric cryptography does work this way, though. There is only a single secret key, that you can use to encrypt your files before you put them on Dropbox, or that you can share with your friend to send messages that only the two of you can read.
Also, in some public key systems, it is possible to derive the public key from the private key (not the other way around, of course). But this does not really change the principle (because the public key is known to the owner of the private key anyway).
This property is same for other public key algorithms too?
The definition of public key cryptography is that there is a key pair, consisting of a private half and a public half, one of them being used to create the message, the other to read them.
I am creating an encryption strategy for a lab project and want to know if there exists the capability to create a public key from just the private key?
Otherwise, can the public key only be created at the same time as the private key from some key generator?
P.S. A quick google didnt really help.
Private and public key are created together. Also, the standard storage format for a RSA private key includes all the public key fields, because it is useful for optimized implementations and masking (protection against some side-channel attacks). See the RSA standard itself: PKCS#1.
Edit: question has been edited, it was originally RSA-only. For other asymmetric algorithm, there is no requirement that the public key may be derived from the private key, nor is there any requirement of the contrary. For discrete logarithm-based algorithms (Diffie-Hellman, El-Gamal, DSA, and the elliptic curve variants of all of these), the public key is easily computed from the private key. It is possible to conceive a degenerate RSA in which knowledge of the private key does not allow reconstruction of the public key, but this requires not storing a few key elements which are needed for good performance (in full details, storing the RSA modulus factors allows for a 4x speed enhancement through the Chinese Remainder Theorem, so everybody stores the factors). On a more conceptual basis, the public key is, well, public, so it is assumed that "everybody" knows it; in practical terms, private key storage format almost always include provisions for storing the public key as well, or at least sufficient data to rebuild the public key.
Yes, you can do this (for some, probably not all, pkc schemes). From the ssh-keygen man file:
-y Read private key file and print public key.
Depends on the algorithm. With RSA, you cannot, with EC you can. However, the public key is usually always stored together with the private key (not the other way around, though, of course), so this is not really a problem (if you have the private key, the same file also includes the public key).
Extracting public RSA key from a private key from the command line
Command line comparison to show there is no difference between a public RSA key and an extracted key if you ignore whitespace.
Generate public private key pairing under home directory with no passphrase and no coment.
ssh-keygen -t rsa -f ~/id_rsa -N '' -C ""
Generate public key into file 'extracted_public_key'
ssh-keygen -y -f '/home/vagrant/id_rsa' > extracted_public_key
Diff public key with 'extracted_public_key' file ignoring white space.
diff -b id_rsa.pub extracted_public_key
Ignoring whitespace at the end of id_rsa.pub there is no difference between a public key and an extracted key.
Actually the public key is mostly generated with the private key together.
If you lost your public key but got the private key, you can still recover the public key from the private key.
All you have to do is to extract the public key from the private key like below:
Extracting the public key from the private key:
ssh-keygen -f~/.ssh/test_rsa -y > ~/.ssh/test_rsa.pub
-f option specifies the file of the key to list the fingerprint for
-y option will read a private SSH key file and prints an SSH public key to stdout. The public key part is redirected to the file with the same name as the private key but with the .pub file extension.
NOTE:
If the key has a password set, the password will be required to generate the public key.
if we can access the private members through setters and getters then what is the use of private?
You need the private to enforce Encapsulation. It is one of the fundamental paradigm of Object Oriented programming to keep the implementation of something separate from the interface. This reduces the coupling between your different program parts and in the long run make it more maintainable.
Take the following example :
class toto {
private String someThing;
public String getSomething();
public void setSomething(String Something);
}
If you change above to simply put someThing public, sure you have less code, but if one day that someThing needs to change to a more complex object for some new functionality while the old code could still work fine with a string then you need to change everything. By isolating the internal representation of someThing you can evolve your system much more easily
class toto {
private ComplexSomeThing someThing;
public String getSomething(){ someThing.toString();}
public void setSomething(String something){ something = new ComplexSomeThing(something);}
public ComplexSomeThing (getComplexSomething();
public void setComplexSomething(ComplexSomething someThing);
}
There are other reasons that makes encapsulation a Good Thing (tm), this is just a silly example to illustrate the point.
EDIT
There is somewhat of a debate right now as to using protected vs private or to use concepts akin to properties in some languages (Delphi, C#) rather than getters and setters (as in Java).
Protected rather than private will allow easier changes by the clients of the code but it does expose the innards of your system more so there is a balance to strive for between usability of the API and it's maintainability. However the basic principle of encapsulation remains.
Whatever the option chosen one still needs to expose functionality that is coherent and on the same level of abstraction and hide the gory details of how this is done.
To me the debate is not to declare a jihad against private but to find a way to provide extensibility and flexibility while not breaking the coherence of the API.
Here some interesting reading about private if you want to dig further. However I must stress that before forming an opinion about private you should really master the concepts of encapsulation and polymorphism, their apparent simplicity does hides some subtle complexities.
Because the getters and setters can act as a proxy. They make it so that you can hide the actual insides of the class, and only let the outside classes access the data through methods. Allowing you to treat the inners of the class however you want.
Just because your getter/setter is named getName() and your property is called name, doesn't mean it will always be that way.
What if you wanted to change the variable to be fullName. If you directly accessed public variables, the change would break a lot of code. Instead, you can simply remap where getName() retrieves its data from.
One of my best examples of this is my own URL class, where I allow for creating and manipulating a URL. If you want to set the scheme, you can get $obj->setScheme(). However, you don't know whether I am manually making the string every time you change the URL, whether I am storing them as separate parts. This gives me flexibility as I can store your data however I want to.
Furthermore, I can preform manipulations on the data before storing it. In my URL class, I assume that all schemes and host names are lowercase. I can standardize this by converting all strings saved via setHost() to lowercase, and then storing them. If I used a public variable, you would have to assume that the client that put the data in was correctly storing it.
They can also validate information that is being passed in to make sure that it is valid data, and cause an error if it isn't.
No one forces you to put in getters and setters for every variable. Indeed, blindly using private members + dummy getters & setters for every variable is pointless, even though many "object oriented encapsulation" tutorials do this all the time for some reason. For one thing, such encapsulation is no encapsulation from concurrency viewpoint.
I think what you really want to understand is why we use public properties with private backing fields, instead of just using public fields. There are several questions on SO like this; here's one:
What is the difference between a Field and a Property in C#?
I think you have good answers so far (information hiding and all that). Just want to add a suggestion about using setters.
As you mentioned using accessors makes private variables a bit pointless and in some environments performance consequence of using getters and setters just makes it worthless.
On the other hand if you don't have such concerns, I think using getters isn't so bad, but you should think twice before using setters. They make your object mutable which is especially hard to maintain in concurrent environments.