She can’t, because she doesn’t have Bob’s Private Key. You might be thinking of Signatures though, which is a different process. Details here: https://www.youtube.com/watch?v=_zyKvPvh808

Web browser sends the Public Key in the form of a Certificate. The Certificate is signed by the CA. The web browser already has the CA’s Public Key (this in fact is what is meant when we say the Web Browser already trusts the CA).

The browser then uses the CA’s Public Key to verify the CA Signature on the Certificate. If this succeeds, this links an Asymmetric Key Pair to the Certificate’s Subject (the Web Server).

If that doesn’t make sense, I’d suggest subscribing to my youtube channel. In a few weeks I’m going to release more Cryptography videos regarding TLS and SSL which will explain all this. They are sample videos from my full TLS course:

https://classes.pracnet.net/courses/practical-tls

Hi Ed Sir,
Web server will send its own public key signed by a 3rd part’s private key in a form of CA to your browser. Your browser will decrypt the CA with 3rd part’s public key. If succeeds, it proves the public key is true from web server. Is it in the real world?

Thanks
Emily

The keys exist within a key pair. Sharing one set across multiple people would defeat the primary benefit an asymmetric key pair — the fact that you never have to share the key. If you have to share the key and you can do so securely, then Symmetric encryption will provide more security (per bit of key size) and faster speeds.

So yes, a key pair must be owned by a single entity.

Now, if Alice has a public and private key, Bob can use Alice’s public key to securely exchange a symmetric key. So it absolutely is possible for there to be only a single party with a Public/Private Key and for secure communication to exist. Notice in the “Real World Usage” section, Bob’s public and private key are never used, only Alice’s. In fact, this is what happens with TLS/SSL when you browse to a website, your browser doesn’t have a public/private key, but the web server does.

Great question!

In most “secure” communication protocols, there is a step after the exchange of the keys which validates that the right person has the right keys. For instance, in TLS/SSL, the “Finished” message serves this purpose.

Essentially the way it works is, the “Key Exchange” process outlined above is combined with the “Signatures” process. In simple steps, Bob will encrypt the Symmetric Key with Alice’s Public Key, then “encrypt” that with his Private Key. This means anyone can verify it was definitley sent from Bob, but only Alice can extract the actual Symmetric Key.

Glad you enjoyed the series. Good questions!

A related question is, once Alice receives the encrypted symmetric key. Is it a trial and error to decide if she has to use –
1. her own private key to decrypt
OR
2. Use Bob’s public key to decrypt the message.
How does Alice decide which key to use to decrypt the message? Try 1, next, try the other, next, ….!

Crypto novice questions, showing my ignorance. 🙂
Great series, very helpful. Appreciate the effort.
Thanks.

– m

Hi Sunny. Good Question.

In reality, the original message is not actually encrypted with the Private Key.

The message is sent through a hashing algorithm, and the resulting digest is encrypted with the Private key.

This allows the receiver (Bob, in this case) to decrypt the digest with the Public key, and compare it to a hash he calculates on the received message. If they match, then it proves the message wasn’t changed since Alice sent it, and only Alice could have created the included digest.

More details on this in the real world signatures section.