0

I'm looking through libsodium-examples of public-key-cryptography and it seems the senders private key is used in addition to the receivers public key when encrypting the plaintext.

Extract from the relevant example:

The crypto_box_easy() function encrypts a message m whose length is mlen bytes, with a recipient's public key pk, a sender's secret key sk and a nonce n.

What is the point of this? My understanding was that the senders private key only was used when signing a message?

PureW
  • 4,568
  • 3
  • 19
  • 27
  • Ok, I guess my grasp of public-key-cryptography is lacking. I will have some reading to do... – PureW Jun 30 '16 at 21:03
  • @zaph but why is the encryption-code `crypto_box_easy()` in the example using the sender's private key? – PureW Jun 30 '16 at 21:24
  • You would have to know the use case. – zaph Jun 30 '16 at 21:45
  • Here is another take, it is not far if at all from reality. The developers just figure "put it in" and the PM is clueless so there it is. Thinking that the developers have a good idea of the usage is probably wrong. I know of one case of cryptographic developers of sophisticate products not knowing the difference between symmetric and asymmetric encryption even though they were working on it. When I was porting a unix kernel I did not have a good grasp of using unix ad was told tat there was not i.e. for me to take to learn, just make the file system work. – zaph Jun 30 '16 at 22:18
  • Possible duplicate of [Strange behavior of crypto\_box\_easy and crypto\_box\_open\_easy. Decrypt without private key?](https://stackoverflow.com/questions/39797321/strange-behavior-of-crypto-box-easy-and-crypto-box-open-easy-decrypt-without-pr) – Gilles 'SO- stop being evil' Mar 19 '19 at 01:44

2 Answers2

0

Digital signatures encrypt with the private key and are decrypted with the public key. This allows anyone to verify the signature with the signer's public key.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • Yes, but my question is about the encryption step. In the referenced example, the sender's private key is used to encrypt plaintext to ciphertext. – PureW Jun 30 '16 at 21:25
  • That can be done but it shouldn't except for code signing. Since the public key is in general public that means that anyone with the public key (essentially everyone) can decrypt anything encrypted with the private key, there is no security there. But there are some very limited use cases where it might be desirable. – zaph Jun 30 '16 at 21:44
0

The libsodium documentation refers to an "authentication tag" which is explained in a different chapter in the following section:

This operation: 

 * Encrypts a message with a key and a nonce to keep it confidential.
 * Computes an authentication tag. This tag is used to make sure that
   the message hasn't been tampered with before decrypting it.

So what libsodium calls authentication tag is equivalent to the more common terminology of signing a message. Therefore it makes sense for the crypto_box_easy(...) function to take the senders private key as input since the encryption really is encryption and signing.

PureW
  • 4,568
  • 3
  • 19
  • 27