How to ensure a public key sender/owner has its private key too?

When we want to encrypt a message with a public key, how can we ensure the public key owner has its private key too?

The rules are:

  1. We do not want to have any information about the private key that creates a security issue.

  2. The verification has to be done in a single request and not in a promise.

  3. Do not use any method that needs to store some data on the key receiver.

The only way that I can see is sending a random message encrypted with the public key and asking the key owner for the decrypted message, to compare them and ensure the public key sender has its private key too; but this way needs something like a promise, two steps to verify, and storing some data:

  1. Receive a public key, send the encrypted random string and wait.

  2. Receive the decrypted data and compare it with the original string.

Now, do you know any way to do this verification without needing to store any data, and to do it with just a single request, maybe with some extra data sent along with the public key or something else? Or is there any other public key encryption algorithm that has this feature built in?

There are 1 best solutions below

Using S/MIME as an example, one pre-requisite of encrypting a message to the recipient is to have their Public Certificate.

Now, of course, the recipient can first send you their certificate as an attachment; however, it is more common for the recipient to first send you a signed email.

This signed email would prove that the recipient has access to their private key as they would hash the contents of the email and then sign the hash with their private key.

You would then verify the hash with their public key (the certificate is sent alongside the email) and compare that hash to the hash of the MIME content of the email.
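
The signed-message idea from the answer above, reduced to one stateless request, as an added example that is not part of the original question or answer: the key owner sends the public key together with a signature over the key, a timestamp and the receiver's name, and the receiver verifies it with the supplied key and stores nothing. It goes beyond S/MIME to a generic proof-of-possession check; the `Proof` format, the `receiver.example` name, the freshness window and the choice of an RSA key with RSA-PSS are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"time"
)

// Proof is what the key owner sends in one request (hypothetical format).
type Proof struct {
	PubDER []byte // PKCS#1 DER encoding of the RSA public key
	Issued int64  // Unix seconds at signing time
	Sig    []byte // RSA-PSS signature over digest(PubDER, Issued, audience)
}

// digest binds the signature to this key, this moment and this receiver.
func digest(pubDER []byte, issued int64, audience string) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%x|%d|%s", pubDER, issued, audience)))
	return sum[:]
}

// MakeProof runs on the key owner's side; only the private key holder can sign.
func MakeProof(priv *rsa.PrivateKey, audience string, now time.Time) (Proof, error) {
	der := x509.MarshalPKCS1PublicKey(&priv.PublicKey)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(der, now.Unix(), audience), nil)
	return Proof{der, now.Unix(), sig}, err
}

// VerifyProof runs on the receiver and keeps no state between requests.
func VerifyProof(p Proof, audience string, now time.Time, maxAge time.Duration) error {
	if age := now.Sub(time.Unix(p.Issued, 0)); age < -maxAge || age > maxAge {
		return fmt.Errorf("proof is outside the freshness window")
	}
	pub, err := x509.ParsePKCS1PublicKey(p.PubDER)
	if err != nil {
		return err
	}
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(p.PubDER, p.Issued, audience), p.Sig, nil)
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed demo key

func main() {
	p, _ := MakeProof(demoKey, "receiver.example", time.Now())
	fmt.Println("accepted:", VerifyProof(p, "receiver.example", time.Now(), time.Minute) == nil)
}
```

A proof copied in transit still verifies at the same receiver until the window closes, so this shows that whoever produced the signature held the private key at signing time, not that the current sender does.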