I understand that in end to end encryption the message is encrypted and only the recipient has the key to Decrypt it. How is the key transmitted, and how can the key not get intercepted with the message?
You are talking about the Alice and Bob situations.
Alice has a pair of keys. Private and public.
Bob has a pair of keys private and public.
Bob and Alice swap public keys.
Alice uses bobs public key to encrypt a message, when Bob receives the message he uses his private key to decrypt the message.
The private keys that do the decryption are never swapped. Only the public key are swapped which allow encryption.
If some else has bobs public key, they can not decrypt a message because the key they intercepted is used for encryption.
There is also another method called a Diffie-Hellman exchange. Where Bob and allice still swap public keys but Bob uses his private key and allices public key to do a maths equation to get a secret. Allice will use her private key and bobs public key doing the same math equations will result in the same number.
So the secret was never shared between them they both did the same equation and came to the same result.
With Diffie-Hellman, wouldn’t the two private keys need to be the same to give the same result?
No. The wiki article explains it better than I can.
With asymmetric encryption there are 2 keys - 1 is public (= everyone can look it up) and 1 is private (only the receiver has that key). Those are mathematically related.
When I send a message, I use the receivers Public key to encrypt the message - so that message is only decryptable with the private key, so the recipient alone can decrypt it.How is the recipient the only one with a private key? If the key is sent with the message, then how does it determine the recipient? Couldn’t someone spoof the recipient’s credentials? What credentials are used to determine the proper recipient?
Imagine a lock that requires 2 keys to work. One, the public key, can only lock it. The other, the private key, can only unlock it.
It’s safe to share the public key since anything it locks can only be opened with the private key. So every interaction you have that needs to be kept hidden, you send out a copy of your public key, and only your private key allows you to read the message.
Credentials are irrelevant. If you need to communicate with someone else, you send your key, they send theirs back. Anything you lock with their public key, only their private key will access.
The private key never leaves the one it belongs to - if it does, then the encryption isn‘t secure anymore. If keys are sent, then the public ones, which are ‚public‘ (e.g. let me send you my public key, so you can send encrypted messages to me).
When you create a key pair, you get which the private and which the public one is. Keep your private key, private and you‘re the only holdener.
For advanced security, the messages (e.g. E-Mails) are secured on top with TLS, which encrypts the message on its way. If there‘s a man-in-the-middle attack, he would just see the encrypted message with no key to decrypt it.
Lets say we wanna talk. I keep a private decryption key and send you a (public) encryption key. Everyone now knows how to encrypt a message for me but nobody, not even you, can read it. The decryption ley is NEVER SENT and kept secret, the encryption key is public but can never decrypt anything.
There are a few ways you can send encrypted information, but they all boil down to the same concept: Create a problem that is very difficult to solve unless you already know part of the answer. For example, I have a number that when divided by 7(a prime key in this case) has a remainder of 3. It could be 10, 17, 24, etc… We then take that number’s remainder, raise it to a power and multipy it by a large number to create a huge result. I send this result to the other party without sending my prime, along with the number I multiplied. They choose their own prime and do some more math with my result and send back the result. Since I know my prime, its simple for me to get the result but anyone watching would have to do a lot of math to get the answer.
Two excellent videos on the subject: https://youtu.be/NmM9HA2MQGI https://youtu.be/Yjrfm_oRO0w
At the most basic level, what you need to understand is that each user of a service creates a key pair. A PRIVATE key that DECRYPTS messages and the matching PUBLIC KEY that ENCRYPTS data.
So if I give you my public key, you can use it encode your messages to me.
When data is encrypted with a public key, it undergoes a mathematical transformation. The specific transformation is designed so that the data can’t be feasibly reverted (decrypted) using the same public key. Only the private key, due to its unique mathematical properties, can reverse this transformation.
By no means an expert, bit I’ll try: One technique would b asymmetric encryption. Every participant has two keys, a public and a private one. When I want to send you an encrypted message, I encrypt the message with your public key. This key you can make available in any way, it can’t be used in a harmful way. The message I encrypted with you public, you can decrypt using your private key, and only with that. Like this, you only need to exchange public keys used only for encryption. So no useful information for an attacker. And private keys never need to leave your hands.
To put it simply, one party openly distributes keys that can ONLY ENCRYPT but not decrypt a message. So I can encrypt a message but only the original key distributor can decrypt it. Thats how a first secure communication is established that can then be used to exchange any initial secrets for further communication…