Monthly Archives: May 2014

Spotlight: Public-Key Cryptography

Christian M. Schmid,
, ,

Public-Key Cryptography is a truly magical thing and I often wonder why we don’t use it more often. We go on and complain about how it is too easy for government agencies to look into our digital lives, while we do have all the tools to prevent it. Only we don’t use them and we don’t seem to ask facebook, gmail and so on to use them – not that they would. The funny part is that it would not require a lot of effort, because computers could automatically do all of that stuff in the background. All that would be needed is that we were able to securely store one, long password (the private key).

In a nutshell public-key cryptography is a mathematical concept that allows us to encrypt a message that is intended to be read by just one person and to sign something to guarantee that it really came from you.

Let’s take a closer look: public-key cryptography is based on a pair of keys, lets call them #1 and #2. When one uses key #1 to encrypt a message one can only decrypt it again using key #2. The same is true for a message encrypted with key #2 – it can only be decrypted using key #1. In other words the two keys are kind of reversible operations that work in both directions. For instance

  • Plain text -> Apply Key #1 -> Cypher Text -> Apply Key #2 -> Original Plain Text
  • Plain text -> Apply Key #2 -> Cypher Text -> Apply Key #1 -> Original Plain Text

but

  • Plain text -> Apply Key #2 -> Cypher Text -> Apply Key #2 -> Nonsense
  • Plain text -> Apply Key #2 -> Cypher Text -> Try something -> Nonsense

In addition to that it is important to know that it is (almost) impossible to find the keys from the Plain text and/or the Cypher Text.

Usually a person or entity (lets call this entity Alice) creates a pair of keys, where one is made public (the public key) and where the other key is kept secret. There are two typical use cases:

  1. Anyone can encrypt a message using the public key and send it to Alice. Only Alice and nobody else (e.g., someone who intercepts the cypher text) will be able to read the plain text when only Alice knows her secret key. – This use case is also called “Public-key encryption”.
  2. Alice can encrypt a message using her private key and send it to anyone. If it can be decrypted using the Alice’s public key, one has a guarantee that the original message really came from Alice. – This use case is also called “Digital signing”.

The secret key is Alice’s crown jewel that she must not lose or share with anyone, because anyone in possession of the secret key can do what Alice can do. Well that is why it’s called the secret key.

Again, all of this can stay in the background and as it can be done for you by software on your computer/phone/…, that has access to your locally stored secret key. If you are interested in implementing some of this stuff in your life, you might want to take a look at

Just by reading this article and by understanding it, you should have a pretty good idea about what level of protection encryption can give you and where potential problems may lie. Again, never forget: your secret key is your crown jewel that you must never share and that your software must never leak. By the way, this is something that is especially hard to check with closed source software and also something that the heartbleed bug may have caused.

I am from Europe

Christian M. Schmid,
, ,

“I am from Europe” is a phrase that I’ve found myself using quite frequently lately. I don’t just use it because Europe is much easier to explain than ___________ (fill in any European country you can think of), but because Europe is more than that.

I mean of course the statement is true from a geographical perspective, but then again it is more than that. Europe for me is the notion that there is this geographically large region that is so diverse in terms of culture and lifestyle but that still shares a set of unwritten core values, that every one of us can relate to and rely on.

I am aware of the stereotypes that all of use have. Germans are overly correct, the British can’t cook, Polish people are ueber-Catholic, Greeks are lazy and Spanish men are macho men on siesta. However if you dig deeper, if you are willing to immerse yourself in one or more of the “other” European cultures, you will find that there are more things that we have in common than those that separate us. – I mean except for the French, who I never really liked or understood. But then again, they enrich our union as much as you and I do.

Sometimes I am wondering what Europe must look like from the outside. Probably like someone suffering from Schizophrenia. Someone with so many voices inside and no clear, single voice to the outside. But that is alright, because when it comes to the important issues, everybody can and should rely on our common understanding. We do believe in human rights, in social welfare for those who need it and in an economic system that encourages everybody to thrive based on his or her personal talents but one that should leave nobody behind.

From the inside it is probably a little bit like marriage. – There are good times and bad times, and things are far from perfect. Every now and then we are put on trial, and at the same time we often don’t appreciate what we have because of the union. But even if one party has to give in and do something that might hurt, we are better off as a union.

At the end of the day it comes down to this: I am in awe of what Europe is and more than that of what it can become: A super-powered peace-keeping instrument and a diverse, flourishing system with shared values and the inherent ability to see challenges from multiple perspectives. It’s now on us to act and voice our vision for Europe, so don’t miss the elections http://www.elections2014.eu/