Mein Public Key
On this page, you can download my public key. Or, if your email program does not support raw public keys, you can also download my certificate which conains the public key.
 |
 |
What is it good for?
The simple and short answer: Once you have imported the key into your email program, you will be able to send me an encrypted message. This means no one except me can see the contents of the email even if they get hold of it.
That is important for sending PINs, passwords, email addresses or other personal data. But beware: attachments are not encrypted. So if you want to send a secret document you would encode it (PDF and word-documents support that for example), attach it to the email and send the password in the encrypted text part of the mail.
The longer answer: A public key is one half of an asynchronous cypher. The other half is called the private key.
This also explains why it is called asynchronous: The key to encode and the key to decode are different. The most used asynchronous cyphers is RSA (named after its discoverers Rivest, Shamir and Adleman).
A very useful feature of RSA is the symmetry: A message encrypted with the public key can be decrypted with the private key and vice versa! This is a very interesting feature! Depending on which key is used for encryption, the cypher is used for a different application:
- Security: As described in the short answer before. You encrypt a message with the public key and only I can decrypt it with my private key.
- Integrity: I create a checksum (hash) from the message that I want to send you and encrypt the checksum with my private key and send it along with the message to you. You can decrypt it with the public key and check wether the message has been altered by computing the checksum yourself and comparing it to the one I sent with message.
Certificates
You might have heard of the term digital signature. And maybe you have wondered how it is possible to sign something digitally since in terms of computers anything can easyly be copied. So why not copy a digital signature?
To explain how it works, we have to go back to the second application of RSA. Proof of integrity. If you think about it, you will see, that most important pre-condition for this idea to work is that you can be sure that you have truely my public key!
Now, for my public key you can be sure because you downloaded it from my homepage (see my name in the domain). But what about others that don’t have their names in the domain or don’t even have a homepage? They could send it to you via email but that email has no proof of itegrity yet! So some evil person could possibly substitute the homepage URL or the public key in the mail to his URL or key. Once he accomplished that, he could change messages in your mailbox and calculate his own checksums and append it. When you receive it, your email program would tell you that the message has not been altered.
Now here is the idea: Let’s say your friend Kelly wants to send you her public key so in future she can send you important messages that may not be altered but as seen above, she can’t do it via email. Fortunately she lives right next to my door and you know that you can trust my public key! So she asks me to use my computer to send you her public key. What I should do for you then, is to ask her for her ID so I can be sure it’s truely Kelly.
Unfortunately she comes in every night to write the public key to someone else. Finally we are clever and write a document stating her name, the public key and the url for my public key. I calculate the checksum and encrypt it with my private key. Now she can hand this document to anyone she wants. Voilà! The first certificate was born!
How is it done practically: The Deutsche Telekom is one of a few root authorities in the world. Any Windows oder Apple computer has their public key already installed because Microsoft and Apple trust them. Then someone from Deutsches Forschungsnetz went to Deutsche Telekom with a digital certificate (stating their name and public key among other things) and asked them to calculate the checksum of the certifcate and encrypt it. Now they have a trustwothy certificate because everyone can proof it with the public key of Deutsche Telekom. Also they cannot change the content of the certificate because that would lead to another checksum which Deutsche Telekom signed.
Then someone from Universität Karlsruhe went to Deutsches Forschungsnetz and did the same. Finally I went to my university, showed my ID and asked them to sign my certificate.
What happens when I send you an email
So whenever I write an email to you, my mail program automatically creates a cecksum of the mail contents and encrypts the checksum with my private key and appends it to the mail as well as my certificate.
When you receive the mail, your computer extracts my public key from the certificate and decodes the checksum of the mail and compares it to the one it calculated it self. If they differ you will see a message, that the mail content has been altered. If they match, you mail program tries to verify my certifcate/public key.
Therefore it downloads the certificate from Universität Karlsruhe (download URL is in the certificate) and does the checksum test on my certificate. If that fails, it will tell you, that my certificate is not trustworthy and that you might be at risk. If my certificate has not been altered, it’s got the check the trustwothyness of Universität Karlsruhe by downloading the certificate from Deutsches Forschungsnetz and then it sees that it’s signed from Deutsche Telekom which is trustworthy and in the end will tell you, that the email you received is truely from Rolf Haynberg and that it has not been altered in any way.
What do I need it for?
More and more of our everyday live is shared via the net. Certificates could make live easy. There are many applications: BAföG-Anträge could be done via email if my university (the actually do!), banks and landlord would sign the documents digitally. Account openings and many other things that require a signature are good examples.
The encryption with a 2048 Bit key is even more secure than a signature which can be faked easily. It’s rather a question of saving it properly.
Another important reason for certificates I see in fighting spam. Imagine a world where everyone has a certificate. Then you could adjust you mail program to only accept emails that are certificated. So what can spammers do? If they send you spam, you have their name from the certificate (they had to show their ID) and they can be convicted. Otherwise they send it without a valid certificate and you won’t rec