Windows Security: Public/Private Key Exchange (Basics)

My wife and I saw CITIZENFOUR yesterday during a secret screening.  If you have not had the chance to see this movie, please do so as soon as you can – it’s a great documentary!  The only complaint I have about the film is that they do not explain Cryptography or Encryption for the “normal” folks.  When the film ended, I looked around and their were many non-technical people (including older individuals).  I remember hearing someone say “well I guess I’m not going to be using email anymore”.  This sentiment is not what the film is about, and I believe the director should have explained this very technical methodology to not confuse the non-techie people.

With all that being said, I’m going to try to explain Public/Private Key Exchange in the simplest form I can……

Imagine that you (mother) are wanting to send an email to someone (son), but you want the contents to be secure from prying eyes.  In order to do this, you need to use a form of encryption that it is secure.  The most common form of encryption is based on a certificate.

You may be asking, what the hell is a certificate?  Think about your college degree or your highschool diploma, you received this certificate from your high school or university. This certificate is really nothing special, just a printed piece of paper, but the one thing that makes this certificate unique is that it’s yours.  Additionally, your certificate is unique because it has your name on it, the year you graduated, the school you went to and it possibly has an issue number.  All of these things make your certificate unique, this is similar to a certificate we use for encryption.

The only difference between a certificate you received for your graduation and one you use for encryption is that your certificate for encryption is digital.  Your digital certificate is typically unique because it comes from trusted source, it’s made specifically for you, and well it means that this is me – you can trust me.

So you have your unique certificate and within your certificate is a public key and a private key.  As you can imagine, your private key should always be kept private.  This private key is the key (pun intended) to all of your encryption.  This means that you do not want to store this private key just anywhere – keep it on a thumb drive in a safe (and buried in the backyard) 🙂  Seriously, keep it as safe as the data you are trying to encrypt needs to be protected.

The other half of your certificate is your public key.  Your public key will be, well, public and we (the son) will use this public key to encrypt their data.  You may be asking at this point, well okay I have my certificate, I have my public and private key, and my data is now encrypted by my public key, NOW WHAT?  Well, once (your) the data is encrypted with your public key then you are the only one that can decrypt the data.

That’s right, your private key is used to decrypt data that has been encrypted by your public key!

Now let’s get to a real world example.  Now, back to my example above – Mother wants to send data that’s secure to her son.  For the mother to send data securely she first needs to get a certificate.  Depending on where the mother lives, she can purchase a certificate from a Certificate Authority (CA) or receive one from her work’s CA.  Once the mother has a certificate, she installs into her web browser or email client (for example).

Now that the certificate is installed, the public key (sometimes the private key as well) is installed on her computer and can be used to encrypt her data.  Since the mother has a public key, it’s now in the public and is sent with most communication on the web.  That’s okay, remember this is your public key. The mother then sends her public key to her son (by sending an email).  Once her son has his mothers public key, he can now communicate with his mother securely.  Anything that is sent by the son to the mother can be decrypted by the mother because her private key is the only one that can decrypt the message – which is sent encrypted by the mothers public key.

Below is a great graphical explanation of the Public/Private Key Exchange:

GPG-SChema

This post explains the basics of public/private key exchange and does not go into the details surrounding the multitude of different technologies (i.e. Diffie-Hellman, symmetric and asymmetric key exchanges, etc).  I hope this post has helped people understand the absolute basics of encryption.

Advertisements

Script: Adding Exchange Resource Accounts to your Outlook

I work for a large public University and we have many Resource Accounts.  We needed a way to move from Public Folders but we wanted it to be seemless as possible.  To do this, I created this VBS script that allows anyone to add Resource Accounts to their Outlook 2013/2010 calendar as a shared calendar.  The user in question will have to run this script while Outlook is open and it will pull the Resource Account (add the Resource Account name in the RESOURCEACCOUNTNAME variable below) from the GAL and add it to the users calendar.  I hope this helps anyone interested in doing the same.


'**************************************************************************
' Script Name: ADDCALENDAR.vbs
' Version: 1.0
' Author: Josh Rickard
'Last Updated: 4.Nov.2013
' Purpose: This program is used to add Room Resource Calendars to
' someones Microsoft Office 2013 Shared Calendars group.
' Outlook 2013 has to be open for this script to continue.
' This script was originally created for the Trulaske
' University of REDACTED Technology Services Department.
' Legal: Script provided "AS IS" without warranties or guarantees
' of any kind. USE AT YOUR OWN RISK. Public domain.
'**************************************************************************
 Dim objApp
 Dim objNS
 Dim objFolder
 Dim strName(3)
 Dim objDummy
 Dim objRecip
 Dim calendar
 strName(0) = "RESOURCEACCOUNTNAME"
 strName(1) = "RESOURCEACCOUNTNAME"
 strName(2) = "RESOURCEACCOUNTNAME"
 strName(3) = "RESOURCEACCOUNTNAME"

Const olMailItem = 0
 Const olFolderCalendar = 9

 

' This section checks to see if Outlook 2013 is open. If it is not
' It will return "Please Open Outlook and run this program again"

'Change "Outlook.Application.15" to "Outlook.Application.14" for Outlook 2010
On Error Resume Next
Dim Outlook: Set Outlook = GetObject(, "Outlook.Application.15")

If Err.Number = 0 Then
 MsgBox "This program will add Room Calendars to your mailbox."
Else
 MsgBox "Please Open Outlook and run this program again."
 Err.Clear
End If

 
' For Each Next Loop while adds each calendar from strName(array) to the users Shared Calendars

For Each calendar In strName

Set objApp = CreateObject("Outlook.Application.15")
 Set objNS = objApp.GetNamespace("MAPI")
 Set objFolder = Nothing

 Set objDummy = objApp.CreateItem(olMailItem)
 Set objRecip = objDummy.Recipients.Add(calendar)
 objRecip.Resolve
 If objRecip.Resolved = True Then
 On Error Resume Next
 Set objFolder = objNS.GetSharedDefaultFolder(objRecip, olFolderCalendar)
 On Error GoTo 0
 Else
 MsgBox "Could not find ", , _
 "User not found"
 End If

 Next

 Set GetOtherUserCalendar = objFolder
 Set objApp = Nothing
 Set objNS = Nothing
 Set objFolder = Nothing