In asymmetric cryptography, we have the terms "private key" and "public key". But the term "private key" is actually wrong.
Privacy is something you don't want the whole world to know.
Secrecy is something you don't want anyone to know.
Since what academics call a "private key" is something that you don't reveal to anyone else, the term "private" is wrong.
It should be, therefore, "secret key" and "public key".
The "private key" should, instead, be what you agree on with e.g. Diffie-Hellman. It makes more sense than "shared secret".
It also allows you to use sk and pk as variable names in cryptography APIs, instead of having to spell out pubKey and privKey since they both abbreviate to pk.
Secret key is most used for symmetric schemas. I get your point, but I think using private-key is right.
The real epic-fail in cryptography is about the misused "certificate" term:
A certificate is just the public-key plus the proven subject (owner) of the certificate signed by a Certification Authority. The certificate does not have the private key, but we can find things like
"install the certificate in the web server to configure the TLS...." or "sign with a certificate"
I get your point, but I think using private-key is right.
From A Cypherpunk's Manifesto by Eric Hughes (1993):
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
Yes but... I can be wrong, I am not a native English speaker... but I think privacy and private are not related; they seem to be, but are indeed different and unrelated concepts. That is, a private key is not "something for keeping privacy" but "something for keeping confidentiality or secrets"...
Not sure at all about these...
Not directly programming, but relevant.
This is my weird hill okay?
There are two hard problems in computing...
Shared key and private key achieve the same goal, without stepping on the historical meaning of secret key.
Private is an adjective, privacy is a noun, but they refer to the same thing.
A private matter is one that requires privacy.
A secret matter is one that requires secrecy.