A has a message that he wants to send to B , without a third party being able to

Question

A has a message that he wants to send to B, without a third party being able to learn the contents of the original message.

A encrypts the message and sends it to a server. The server decrypts the message somehow, and sends it to B. This way, no one would know what was the original sender, because the server will send it to the destination.

But if the server encrypts the message again, how will B be able to decrypt the message? If B knows how to decrypt the message, then any third side would also know.

What is the solution?

Explanation / Answer

Server distribute respective private keys to A (PrivateKeyA) and B (PrivateKeyB) and stores their public keys (PublicKeyA and PublicKeyB) within it's database.

Now any of the user (eg A) generates a random session key (K) and encrypts this key with its own private key (PrivateKeyA). Since server has public key of A, it can decrypt the encrypted session key.

Now it encrypts the same session key (K) which it got from A with B's public key and sends it to B. Now since only B knows the corresponding private key, only B can decrypt the encrypted session key to deduce the key K.

Now A and B share a session key, which they can use to safely communicate with each other.

For exchanging session key the the algorithm uses asymmetric cryptography and for communication it uses symmetric cryptography technique. The only thing to keep in mind is that either user must be capable of generating a good and strong random session key.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.