CryptoMessageInABottle/PublicSecretCrypto/README.md

49 lines
3.1 KiB
Markdown

# Build a mechanical representaiton of encryption and signing via public/secret key systems
Inspired from https://blog.vrypan.net/2013/08/28/public-key-cryptography-for-non-geeks/
create a lock with 2 keys of which one can only unlock and the other can only lock
Either the lock in in a box and allows to open it, or the design is like a padlock and allows to lock/sign any item
Prototype is done and people are amazed. This sounds good.
# How to run this workshop
Asymetric cryptography adresses the problem of key transmission.
You have a public key which everyone knows and a secret key which only the reciever knows.
The keys are generated by the reciever who then publishes the public key in a "phonebook"
* show the padlocks with the 2 locks and the public keys. Take the secret key out of a pocket. "never give this anyone"
* show that there are 2 sets of padlocks and keys. The ones for Alice, and the ones for Bob
* IMPORTANT: show on a separate lock that there is a one-way function on the lock. It only turns one way around. This is the whole secret behind asymetric encryption systems. WIth one key you can only go in one direction, and never back.
* Chose kids who play Alice and Bob
* Alice wites a message and put it in an envelope/box. close the box by using the padlock and public key.
** but which key to use? Remember, the keys are created by the reciever. So we need to use Bob's public key.
** insist that the padlocks and public keys are accessible to anyone. Only the secret keys are... secret
* Bob recieves the box, and can unlock the padlock with his secret key
** he is happy for the message
** but who wrote it. It says Alice, but anyone could write that, then use Bob's public key and send it to him
* Signing
* Alice wants to prove that the message comes from her.
** Show that the padlocks have a second function. If you use first the secret key
** Alice writes her message, then attaches a padlock to it and closes it with her secret key. only she has that key.
So she is the only one who is able to close the padlock that way.
** Alice puts the message with the padlock-signature into a bo and encrypts it with the reciever's (Bob) public key.
** Bob recieves the box, aand decrpyt with his secret key
** He sees the message with Alice signature
** He veryfies the signature by trying to open the lock with alice's public key. It works! So that proves that the message comes from her.
* Certification authorities
* You can verify a signature, but for that you need a public key. Anyone in the world coud say "I am Alice, here is my key". So we are back to starting square.
** Some higher instance needs to prove that the public key is the one of Alice. That is called a certification authority.
** The certification authority signs the public key. This creates a certificate.
** But who signs the certification authority's public key?
** another certification authority, and so on... at some point you need to trus some authority
** Web browsers come with built-in certification authorities which the browser trusts. That's how the websites prove that they are who they say. Show a webbrowser's CA list.