How does encryption work?

I understand that there is a key known between your PC and the VPN, and that key is used to decrypt the information, but how is this key shared between your PC and the VPN securely?

You have a private key. This private key can both encrypt data as well as decrypt data. In addition, this private key is mathematically able to create another key, a public key, which is mathematically related to the original private key.

This public key can now encrypt data, but it cannot decrypt the data it encrypts. But because this public key is mathematically related to the private key, the private key CAN decrypt the data that the public key encrypted.

So your public key can encrypt, but not decrypt.

You give your public key to your VPN provider. They encrypt data that is going from VPN → You. Once you get this data, you use your private key to decrypt it.

Your VPN provider also gave YOU their public key. So now when you need to send data to your VPN provider, you encrypt it with their public key, and your VPN provider decrypts it with THEIR private key.

The above is a realistic example of how things work, but it does have some caveats:

Caveat #1: Data can be encrypted with more than 1 key

Caveat #2: Your VPN provider likely provided you with your private key, thus enabling BOTH you AND them the ability to decrypt your traffic. This is a big thing when people worry about their VPN provider “logging their traffic” and then being able to decrypt it. This is why trusting your VPN provider is required (and a poor thing to do).

Source: I’m the owner of a VPN start-up that does things differently. We never, ever, know your private keys, nor can we decrypt your data after-the-fact due to server key rotations. In short, if somebody offered us a trillion dollars to decrypt traffic that was captured, we still wouldn’t be able to do it. Check my Reddit profile if you want to know more info. We are in public BETA now (free) for those who want to test it out.

Thanks for the reply! It helps clear things up for me. If the VPN provides you with your private key, is that said private key unencrypted when sent to you, and able to be intercepted?

Also for your specific VPN, how is the user private key created if you don’t ever know it?

Awesome, thank you, I’ll read that. I was googling around and I guess just couldn’t find the right words because everything I found was just a basic description of what a VPN is.

And as an example of an implementation, there’s an overview of how OpenVPN does it for their business VPN, Access Server, described by their public key infrastructure: Access Server's CA Certificate Management

Honestly I’m not that smart, so most of the mathematics is going right over my head haha. But if I understand, your PC and the VPN each have a secret value. They agree to modify their secret values in the same way then send their modified values to each other. They then combine their secret value with the other’s modified value and both arrive at a shared secret value. This shared secret value is then used to encrypt/decrypt the sent data. I think?

Computerphile from YouTube has a series of these. Check out the Diffie-Hellman key exchange to learn about the high-level overview.
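The exchange described in the comments above (each side keeps a secret value, sends a modified value, and combines its own secret with the other side's modified value) is Diffie-Hellman key agreement. The sketch below is an added example, not part of the original thread or any VPN's code; the group `P` and `G`, the function names and the SHA-256 key derivation are assumptions chosen for illustration, and the group is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Demonstration-sized group (assumption of this example): p = 2**127 - 1 is prime,
# but far too small for real use; deployed VPNs use 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3


def make_keypair():
    """Pick a secret value and compute the 'modified' value that is safe to send."""
    secret = secrets.randbelow(P - 3) + 2      # 2 .. P-2, never leaves this side
    public = pow(G, secret, P)                  # g^secret mod p, sent in the clear
    return secret, public


def shared_key(own_secret, peer_public):
    """Combine our secret with the peer's public value and hash it into a 32-byte key."""
    if not 1 < peer_public < P - 1:             # reject 0, 1 and p-1: they force a known secret
        raise ValueError("invalid peer public value")
    shared = pow(peer_public, own_secret, P)    # (g^b)^a == (g^a)^b mod p
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_exchange():
    """One session: both sides generate fresh values and derive the same key."""
    pc_secret, pc_public = make_keypair()
    vpn_secret, vpn_public = make_keypair()
    wire = (pc_public, vpn_public)              # everything an eavesdropper sees
    pc_key = shared_key(pc_secret, vpn_public)
    vpn_key = shared_key(vpn_secret, pc_public)
    return pc_key, vpn_key, wire


if __name__ == "__main__":
    pc_key, vpn_key, wire = run_exchange()
    print("keys match:", hmac.compare_digest(pc_key, vpn_key))
    print("sent on the wire:", wire)
    # A second run uses new secrets, so a key from one session does not decrypt another.
    print("new session, new key:", run_exchange()[0] != pc_key)
```

Plain Diffie-Hellman like this does not prove who sent the public value; real VPN handshakes authenticate it with certificates or pre-shared keys, which is where the public/private key pairs discussed earlier in the thread come in.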
