Public-Key Cryptography, which is also known as asymmetric cryptography, is a system that uses pairs of keys to encrypt and authenticate information. One key in the pair is a public key which can, as the name suggests, be distributed widely without impacting security. The second key in the pair is a private key that is only known by the owner. This is a departure from symmetric cryptography, which was used exclusively until the 1970s. In symmetric cryptography, all keys are private, requiring a secure channel to transmit keys and secrecy by all parties about all keys. Both of these requirements proved difficult to maintain. In asymmetric cryptography on the other hand, public keys can be distributed freely. This public distribution allows encrypted, authenticated communication between parties that have not met or previously exchanged information.
Encryption and Digital Signatures
Within public-key cryptography, the private key can act as a “decoder ring,” enabling the owner of the private key to decode messages encrypted by the public key. In this system, anyone can use the public key to encrypt messages, but only the paired private key can decode those encrypted messages.
Senders can also use private keys as a way to digitally sign messages. These digital signatures allow recipients to authenticate the identity of the sender and rest easy in the knowledge that messages have not been tampered with since being signed. In this case, the information that is sent can be public, and the recipient can use certificate that accompanies the information to verify the integrity and authenticity of the signed message.
Public Keys and Certificates
It is important, then, to ensure that public keys are legitimate. This is accomplished through a public key infrastructure, or PKI, in which third party certificate authorities like SSL.com bind key pairs to the identities of entities such as websites, individuals, and organizations. Certificate authorities validate identities and issue digital certificates containing the public key and information about these identities.
Public keys are generally stored on digital certificates, which allows them to be easily shared. Private keys, which (obviously!) aren’t shared, are stored within users’ software, operating systems, or hardware like USB tokens.
On the internet, SSL/TLS certificates for HTTPS websites, which are shared publicly, contain the public key. The private key of the pair is on the origin server of the website. The system is used to verify the security of websites – something that is crucial for sites where things like credit card information is used. Through this system, public key encryption is able to establish secure communications online. This is done through HTTPS, which is a secure version of the http protocol that enables secure transmission of sensitive data. Even though the internet itself is an insecure network, the cryptographic system establishes a safe connection within the network.
Public-key algorithms are also basic components in secure electronic communications and data storage. They are the building blocks for internet standards like S/MIME (Secure/ Multipurpose Internet Mail Extensions) which provides cryptographic security for electronic messaging, ensuring that messages are authentic, untampered, private, secure and come from where they claim to come from. Public-key cryptography is also the basis of code signing and digital document signing, and can be used for client authentication and single sign-on.