Public key cryptography

Public key cryptography is a method for encrypting and decrypting data. Public key cryptography is also called asymmetric cryptography. It's a very popular way to encrypt and decrypt data because it doesn't require a secure channel to exchange the cryptographic keys used for encrypting and decrypting data. The need for a secure channel for exchanging keys makes symmetric cryptography, where the same key is used to encrypt and decrypt data, problematic over public networks like the internet. With public key cryptography, keys can be exchanged through insecure channels without compromising the ability to exchange encrypted data and communicate securely.

Glossary

  • Encryption is the process by which plaintext data, i.e. data that can be read by anyone, is transformed in a way that makes it unreadable.
  • Decryption is the process by which the cryptographic transformation that made some data unreadable is reversed so that the data is readable again.
  • A cipher is a series of calculations that transforms data to make it unreadable, in a way which is reversible. A cipher uses a cryptographic key to transform the data.
  • A key is a long string of characters used by a cipher to encrypt and/or decrypt data. The sequence of characters in a key determines exactly how the data is transformed to be made unreadable, and/or how the transformation is reversed to make the data readable again.

Private keys and public keys

Each participant in an encrypted exchange owns a public key, which can be freely distributed, and a private key, which is kept safe and private and is never shared with anyone else.

The two keys in a key pair are always generated at the same time. This is necessary because they are mathematically related in a special way: When data is encrypted using the public key in a pair, that data can only be decrypted using the private key in the same pair. If someone only has access to the public key in a key pair, they can encrypt data with the key, but they cannot decrypt the resulting encrypted data. In order to decrypt data encrypted with a public key, the corresponding private key is required. The mathematical relationship between the two keys is designed so the private key cannot be derived from the public key.

The public key is an encrypter key; it is a key used exclusively for encrypting data. It is used by everyone except the owner of the key to encrypt data sent to the owner.

The private key is a decrypter key; it is a key used exclusively for decrypting data. It is used by the owner of the key to decrypt data encrypted with the owner's public key.

Let's examine these concepts by looking at an example of public key encryption.

A real-life example

Lois Lane has a key pair that she uses for asymmetric cryptography: a public key, "Lois Public", and a private key, "Lois Private". These keys were generated by Lois on her own computer.

Clark Kent has a key pair that he uses for asymmetric cryptography: a public key, "Clark Public", and a private key, "Clark Private". These keys were generated by Clark on his own computer.

Lois wants to exchange data with Clark. She doesn't want anyone else to be able to read the data. She sends her public key, Lois Public, to Clark. She also asks Clark for a copy of his public key. Clark then sends Clark Public to Lois.

Lois now has three keys: Lois Public, Lois Private, and Clark Public.

Clark also has three keys: Clark Public, Clark Private, and Lois Public.

Lois is ready to send some data to Clark. Before sending it, she encrypts it using Clark's public key, Clark Public. She doesn't use her own keys for anything yet. Once the data is encrypted with Clark Public, Lois sends the data to Clark. After Clark has received the data, he decrypts it using Clark Private. Clark Private is the only key that can decrypt data encrypted with Clark Public. Now Clark can read the data.

After reading the data Lois sent, Clark wants to send some of his own data to Lois. Before sending it, he encrypts it using Lois' public key, Lois Public. Once the data is encrypted with Lois Public, Clark sends the data to Lois. After Lois has received the data, she decrypts it using Lois Private. Lois Private is the only key that can decrypt data encrypted with Lois Public. Now Lois can read the data.

But what's this? Oh no! Lex Luthor has been tapping the line that connected Lois and Clark! When Lois and Clark sent their public keys to each other, Lex got a copy of them! And when Lois and Clark sent data encrypted with the public keys to each other, Lex got a copy of that too! But because Lois and Clark used public key encryption, Lex can't do anything with the things he stole. The only way to decrypt the data that Lois sent to Clark is by using Clark Private, and Clark never shares Clark Private with anyone. And the only way to decrypt the data that Clark sent to Lois is by using Lois Private, and Lois never shares Lois Private with anyone.

In the end, the data that Lois and Clark exchanged remains secure, even though the keys that encrypted the data and the encrypted data itself were all sent over a compromised channel. Score one for public key cryptography!
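The exchange between Lois and Clark, as an added Go example that is not part of the original article. It uses RSA-OAEP from the Go standard library; the Party type and the NewParty, SealFor and Open names are hypothetical, and the message is a constructed sample.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party holds a private key that never leaves its owner and the matching
// public key that is sent over the open channel.
type Party struct {
	private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// NewParty generates a fresh 2048-bit RSA key pair on the owner's machine.
func NewParty() *Party {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // no usable randomness: nothing sensible to do
	}
	return &Party{private: key, Public: &key.PublicKey}
}

// SealFor encrypts msg with the recipient's public key (RSA-OAEP, SHA-256).
func SealFor(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Open decrypts ct with the party's own private key; any other key fails.
func (p *Party) Open(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.private, ct, nil)
}

func main() {
	lois, clark, lex := NewParty(), NewParty(), NewParty() // Lex: eavesdropper
	ct, err := SealFor(clark.Public, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	pt, _ := clark.Open(ct) // only Clark Private reverses Clark Public
	fmt.Printf("Clark reads: %q\n", pt)
	_, errLois := lois.Open(ct) // even the sender cannot decrypt it
	_, errLex := lex.Open(ct)   // Lex has ct and both public keys, but only his own private key
	fmt.Println("Lois:", errLois, "| Lex:", errLex)
}
```

RSA-OAEP with a 2048-bit key and SHA-256 accepts at most 190 bytes per message, which is why real protocols typically encrypt a random symmetric key this way and encrypt the data itself with that key.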

Digital signatures

Encrypting messages with the recipient's public key is one of the most common uses of public key cryptography. Another common use is for digital signatures, where the identity of the owner of a private key can be established by anyone who has access to that owner's public key. In this case the owner of a private key generates a signature using that private key, and the corresponding public key can then be used to verify that the signature was in fact generated with that private key. By establishing ownership of a private key, digital signatures can be used to sign things when the identity of the sender is important. Such things include software updates, requests for privileged information, digital certificates, legal documents, and so on.
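Signing and verification as described above, as an added Go example that is not part of the original article. It uses RSA-PSS from the Go standard library; the newKey, Sign and Verify names, the publisher and impostor roles and the update contents are hypothetical, constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKey generates a 2048-bit RSA key pair.
func newKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// Sign creates an RSA-PSS signature over the SHA-256 digest of doc.
// Only the holder of priv can produce it.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify reports whether sig is a valid signature over doc under pub.
// Anyone holding the public key can run this check.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	publisher, impostor := newKey(), newKey()
	update := []byte("constructed sample: software update contents")
	sig, err := Sign(publisher, update)
	if err != nil {
		panic(err)
	}
	forged, _ := Sign(impostor, update)        // signed with the wrong private key
	tampered := append([]byte("X"), update...) // content changed after signing
	pub := &publisher.PublicKey                // what the recipients hold
	fmt.Printf("genuine=%v tampered=%v impostor=%v\n",
		Verify(pub, update, sig), Verify(pub, tampered, sig), Verify(pub, update, forged))
}
```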

Public key infrastructure

One of the primary real-world uses of public key cryptography and digital signatures is to sign and verify digital certificates as part of a public key infrastructure (PKI). A PKI is a framework of roles and processes that enables secure and trusted communication and data exchange within a community. In a PKI, a trusted entity called a certificate authority issues signed digital certificates that link other entities' verified identities to their public keys. This allows the members of a community to verify that the entities they are communicating with (people, corporations, servers, etc.) are who they say they are, while at the same time serving as a distribution channel for public keys.

In a PKI, digital signatures, certificates and cryptographic key pairs all work together to enable the secure exchange of data between trusted entities. Browsing the internet, sending encrypted messages and emails, and using online banking apps are just a few everyday activities that depend on PKI.
