How TextEgg Uses Public Key Cryptography



The Original Problem

You want people to be able to send you sensitive information, so you want them to encrypt it. But in order to decrypt the information, you need to know the password that they use. But if they send you the unencrypted password, then it's no more secure than if they sent you the unencrypted information - catch 22!


The Solution (short version) - use TextEgg

Create a TextEgg document, setting a password when you save it. Let other people have a copy of the document. They can add information to the document and apply the Encryption format to it before saving - they don't need a password to do this. They then send the document back to you, and you enter your password to decrypt.

If you and they are likely to exchange more information, they could also suggest a shared password in the encrypted section of the document; you can then re-save the document with the password they suggest, and from then on both of you can encrypt or decrypt any text added to the document.


The Solution (long version)


a. Public Key Cryptography

The original problem was actually solved in the 1970's with the creation of public key cryptography. In traditional cryptography a single password is used for both encryption and decryption. In public key cryptography, two keys (or 'long complicated passwords') are created: a public key and a private key. The public key is used to encrypt data, and the private key to decrypt it. So anyone can be provided with the public key with no need to worry about losing security.

One way to visualise the way that public key cryptography works, is to think of it as being like a post box, or a piggy bank. Anyone can be allowed access to the slot (the public key), and use it to securely add their valuable data. But nothing can be taken out without access to the private key.

b. The Remaining Problem

Public key cryptography is a very clever solution - for those who know how to use it. The problem is that most people don't - how are they supposed to create public and private keys? How are they supposed to use them to apply encryption and decryption to their data?

c. The TextEgg Solution

TextEgg makes it easy to use public key cryptography by hiding all the technical details inside documents. When you save a TextEgg document, you provide a password. TextEgg then creates public and private keys, and encrypts the private key using your password. The public key, and the encrypted private key are then embedded into your document where you don't need to know anything about them.

Text that you've applied the Encryption format to is encrypted using the embedded public key. So anyone can add encrypted text to the document without needing a password. When you want to decrypt text, you provide your password, TextEgg uses it to decrypt the private key, and then uses the private key to decrypt the text you want to view.


The Added Bonus for TextEgg Users

Clearly TextEgg can be used as a simple way to take advantage of public key cryptography. But this also provides a bonus even if you don't want to exchange information with anyone else. It means that when you are using TextEgg yourself, you don't have to enter a password every time you want to encrypt something new. You set the password once, when you create the document, and from then on TextEgg uses the embedded public key for encrypting new text. You only need the password for decrypting.