Email encryption uses digital certificates to authenticate, encrypt and decrypt the message. When a message is encrypted, the public key to decrypt it is sent along with the message to the recipient, the recipient then uses the public key to decrypt the message.
If the message was intercepted couldnt the attacker just get the public key from withing the certificate?
Yes they could and that is the point. The encrypter publishes the public key so anyone can encrypt their message with the public key and send it to the recipient.
But the public key doesn't allow anyone to decrypt the message. This is what the private key does. You confused the two.
Most encryption works using primes.
Pick two large prime numbers. Multiply them together so you have a composite. The composite is the public key. So you use this to encrypt messages.
To decrypt you need to know the two pair composite. And a composite prime number only has two integer prime solutions.
At the moment why this works is that it takes an incredibly long time to brute force a solution to a very large prime composite number.
As an example let's use two small prime numbers 3 and 7.
We multiply them together to get 21. This will be our public key.
To decrypt the message there exists only two numbers that make this prime composite, 3 and 7. Therefore this uniqueness can only be used for decryption.
Interesting reading .. I have a question though .. If its hard(rather than impossible) to brute force and find the key, would a MITM attack be able to collect what the private key is? I assume there is some hand shake where keys are exchanged?
if its hard(rather than impossible) to brute force and find the key,
It is impractical to try and find the public key. The only attacks that are imaginable in the forseable future would be a break through in physics (in particular, setting up enough "state" stablely in quantum computers to compute Shor's algortihm on the scale requires). If such technology was availible in 30 years, it would still require an attacker to have access to one (which might be made a controlled (and expensive) machine). It is hard to imagine sillicon-based computers ever breaking 4096 bit keys.
There are a class of asymetric cryptography that seems to be resiliant to quantum computers. The lattuce-based NTRU (which patenents will expire 2016) in particular looks interesting.
would a MITM attack be able to collect what the private key is?
Say you didn't validate the other person you're talking to, alowing for the posiblity of a MiTM attack. Even then, the person in the middle does not have any extra information on the two private keys. So not mathematically. It might open the possibility up for a side-channel attack though.
I assume there is some hand shake where keys are exchanged?
Yup. There are a number of algortihms, and the handshake itself is up to whoever makes the protocal.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.