When we talk about crypto-anything, we need Alice and Bob as the actors in the examples. I hope you don’t get bored with them, as I will use them as examples too. Here, Alice and Bob will use RSA for the asymmetric key, SHA256 for the hash function, OAEP for encrypt/decrypt, PSS for sign/verify, and Base64 for the encoding.
Encrypting
Alice wants to send Bob an important message securely, and she doesn't want anybody except Bob to read it. It might be a love confession, a nuclear code, or perhaps just private spam. Due to their close relationship, Alice and Bob have exchanged their public keys. So romantic, isn’t it? So Alice thought of writing a small Go program that encrypts the message with Bob's public key before she sends it to him.
Alice’s encrypted message looks like this:
When Bob receives the encrypted message from Alice, he wants to read it immediately. So Bob created a program to decrypt the message with his private key.
And finally, Bob was able to read Alice’s message. Because Bob keeps his private key to himself, nobody else can decrypt Alice's message, including me, so I can’t show the plain message to you in this blog post. Sorry guys.
Signing
After receiving the message from Alice, Bob was very happy. Bob wants to reply to Alice’s message. But Bob forgot where he put Alice’s public key. Bob thought of announcing a reply publicly, so everyone would know how happy he was after receiving Alice’s message. But the problem is, how can Bob ensure that the reply isn't modified by others, and that it can be confirmed that Bob is the one who announced it? Bob starts creating a Go program to sign the message with his private key, so that everyone who has Bob's public key, including Alice, can verify that the reply was announced by Bob.
Bob’s reply looks like this:
Bob’s signature looks like this:
Alice, who read the announcement, wants to make sure that the message wasn't modified and was sent by Bob. So Alice verified the message using the signature and Bob's public key.
And it’s verified that Bob announced the reply!
To summarize: Encrypt is the method you want to use when you don't want anyone except the recipient to read the message, while Sign is the method you want to use when you want to make sure the message hasn't been changed and it can be verified that you are the one who sent it.
You can read the whole Golang code here:
Thank you for reading!