I am creating a RESTful API web service and I need a way of implementing public and private key pairs.
I will use some of PHP's built in functions to create my o开发者_StackOverflowwn algo to generate both of the values for the keys.
I just need to understand the concept or logic behind the system in general.
example the client and the server have both public and private key values. Are the keys then combined using another algo on the client side that is decoded on the server side and if matched the resource requested is then shown?
or am I way off them mark? Any links or suggestions would be well apprecciated
There are a few algorithms that make use of private/public keypairs. The three common uses for them are: encryption/decryption, signing/verifying, and key agreement.
For encryption/decryption, data is encrypted using only the public key, and decrypted using the private key. An example for this is the RSA algorithm.
For signing/validating, data is signed with the private key, and validated with the public key. An example for this is the DSA algorithm.
For key agreement, there are two parties with their public/private keys. The parties exchange their public keys, and a shared secret is generated using the private key, the public key, and the public key of the opposite end. An example for this is the Diffie-Hellman (DH) algorithm.
As the names suggest, for any party, you never give your private key out. You can safely publish your public key anywhere you want. With only the public key, you cannot perform any of the tasks above that require a private key - and obviously figuring out the private key given a public key is not feasible.
精彩评论