Use of Private keys

offhand

Feb 8, 2012, 11:05:05 AM
to reCAPTCHA
Can anyone educate me as to why Google is requiring the sending of the
public and private keys during the Captcha communication? This would
seem to me to essentially break the process. Private keys should be
protected by the end user and not offered as a means to authenticate
the transaction directly (instead being used to create a signature/certificate,
etc.).

PJH

Feb 8, 2012, 11:09:25 AM
to reca...@googlegroups.com
They aren't like keys in the SSL sense of the term.

The private key is to authenticate the domain requesting the captcha with the servers. (i.e. you're proving to Google you're who you say you are by sending them the token you were handed by them when you registered.)
The public key is to authenticate the user who got the captcha with the servers.

i.e.
'Private' comms are your site <-> Google
'Public' comms are your user <-> Google (via you.)

I think the terminology is somewhat unfortunate in this respect.



--
PJH
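
The split described in the reply above, as an added sketch that is not part of the original thread and is not Google's code: the "private key" behaves as a shared secret presented on the server-to-server leg, while only the "public key" is placed in anything the browser sees. `ToyCaptchaService`, the key values, the markup and the field names are constructed assumptions, and nothing is sent over the network.

```python
import hmac
import secrets
from urllib.parse import urlencode, parse_qs

# Constructed placeholder values, not real reCAPTCHA keys.
PUBLIC_KEY = "site-public-EXAMPLE"
PRIVATE_KEY = "site-private-EXAMPLE"


class ToyCaptchaService:
    """Hypothetical stand-in for the CAPTCHA provider."""

    def __init__(self):
        self.sites = {PUBLIC_KEY: PRIVATE_KEY}  # pair handed out at registration
        self.issued = {}                        # challenge -> (public key, answer)

    def issue(self, public_key, answer):
        # 'Public' leg: a challenge is requested on behalf of the user.
        if public_key not in self.sites:
            raise KeyError("unknown site")
        challenge = secrets.token_hex(8)
        self.issued[challenge] = (public_key, answer)
        return challenge

    def verify(self, body):
        # 'Private' leg: the site's server presents its shared secret.
        f = {k: v[0] for k, v in parse_qs(body).items()}
        entry = self.issued.get(f.get("challenge", ""))
        if entry is None:
            return False
        public_key, answer = entry
        # Constant-time comparison of the presented secret with the stored one.
        secret_ok = hmac.compare_digest(f.get("privatekey", ""), self.sites[public_key])
        return secret_ok and hmac.compare_digest(f.get("response", ""), answer)


def render_widget(public_key, challenge):
    # Everything returned here reaches the browser: public key only.
    return '<form data-sitekey="%s" data-challenge="%s"></form>' % (public_key, challenge)


def build_verify_body(private_key, challenge, response):
    # Server-to-server only; keep it on TLS and out of logs and page source.
    return urlencode({"privatekey": private_key, "challenge": challenge, "response": response})


def demo():
    svc = ToyCaptchaService()
    ch = svc.issue(PUBLIC_KEY, "two words")
    html = render_widget(PUBLIC_KEY, ch)
    ok = svc.verify(build_verify_body(PRIVATE_KEY, ch, "two words"))
    forged = svc.verify(build_verify_body("guessed-secret", ch, "two words"))
    return {"leak": PRIVATE_KEY in html, "ok": ok, "forged": forged}
```

Because the secret itself is transmitted rather than used to sign anything, its protection rests on the transport and on keeping it out of client-visible output.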

