Thursday, September 10, 2015

How are PGP keys used for server-client communication?

When we generate a PGP key-pair, we generate one public key and one private key. When we want to send someone an encrypted document, we encrypt it using her public key. And when we want to decrypt a document that someone sent us after encrypting it with our public key, we decrypt it using our private key. In this way, an encrypted document is shared using PGP.







So, private keys are mainly used for decryption and signing, and public keys for encryption and verification.

We can also use PGP in server-client communication. Here, the server generates a server key, which is used for encryption and decryption during secure file transfers using FTPS, SFTP and HTTPS. This server key has a public key and a private key. The public key is used to encrypt files at the client side and the private key is used to decrypt files at the server side.

On the other hand, the client generates a client key, which is used for signing and verification, that is, for authentication at the start of secure file transfers. This client key also has a public key and a private key. The user signs with the private key at the client side, and the server uses that user's public key to verify the digital signature, and thus the user's identity.

Let's take a small example. If Alex wants to send a file to a certain directory on the file transfer server, Alex first has to authenticate himself. A client key is generated and its public key is transferred to the server. The user then uses the private key to sign and encrypt data, and the encrypted data is sent to the server. The server verifies the data with the public key and authenticates the user.


On the other hand, the server will generate a key-pair and send the public key to the client. The client will use that public key to encrypt the file that the user wants to send to the server. The server will decrypt the file with its private key and store it.
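The two key roles from Alex's upload, as an added example that is not part of the original post: it uses RSA-PSS and RSA-OAEP from Go's standard library in place of an OpenPGP implementation, and sends the signature next to the ciphertext rather than inside it. The names `NewKey`, `ClientSend` and `ServerReceive` are hypothetical, and the keys and file contents are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKey generates one key pair: a "client key" or a "server key" in the post's terms.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// ClientSend signs the file with the client's private key, then encrypts it with the
// server's public key. Assumption: plain RSA-OAEP, so only short files (190 bytes) fit.
func ClientSend(client *rsa.PrivateKey, serverPub *rsa.PublicKey, file []byte) (ct, sig []byte, err error) {
	digest := sha256.Sum256(file)
	if sig, err = rsa.SignPSS(rand.Reader, client, crypto.SHA256, digest[:], nil); err == nil {
		ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, file, nil)
	}
	return ct, sig, err
}

// ServerReceive decrypts with the server's private key, then verifies with the client's public key.
func ServerReceive(server *rsa.PrivateKey, clientPub *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	file, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, server, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt with server private key: %w", err)
	}
	digest := sha256.Sum256(file)
	if err := rsa.VerifyPSS(clientPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("verify with client public key: %w", err)
	}
	return file, nil
}

func main() {
	client, server := NewKey(), NewKey() // constructed demo keys
	ct, sig, err := ClientSend(client, &server.PublicKey, []byte("constructed sample file"))
	if err == nil {
		_, err = ServerReceive(server, &client.PublicKey, ct, sig)
	}
	fmt.Println("upload accepted:", err == nil)
}
```

The server returns the file only when decryption with its own private key and verification against the registered client public key both succeed; a signature checked against any other public key is rejected.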

The advantage of PGP is that its key generation is more versatile: the keys can be used for encryption and decryption as well as for signing and verification.
