Public Key Cryptography
What is Public Key Cryptography?
Public key cryptography is a cryptographic system that uses pairs of keys; it is also known as asymmetric cryptography. The two keys are mathematically related but not identical.
The public key is used to encrypt and the private key is used to decrypt. Public keys can be freely shared, giving
users an easy way to encrypt content and verify digital signatures. Private keys must be kept secret, ensuring that only
the owner of a private key can decrypt content and create digital signatures.
Since public keys need to be shared and are too large to remember, they are stored in digital certificates for secure transport and sharing. Since private keys are not shared, they are stored in the operating system or on hardware (e.g. a token or a hardware security module (HSM)) that allows them to be used by the operating system or by software.
Digital certificates are issued by entities known as Certificate Authorities (CAs).
Main use cases for Public Key Cryptography
- Encryption
  - Content is encrypted using the individual's public key and can only be decrypted using the individual's private key
- Digital Signatures
  - Content is digitally signed with an individual's private key and is verified with the individual's public key
Security Benefits of Encryption
- Confidentiality
  - Ensures only the intended party can decrypt and view the contents
- Integrity
  - The decryption process includes a step that checks the decrypted contents against the original encrypted message; any change causes the decryption process to fail
Security Benefits of Digital Signature
- Authentication
  - Because an individual's private key was used to create the digital signature, recipients can be confident that the individual was the one who applied the signature
- Non-repudiation
  - Digitally signed messages assure the recipient that the message truly came from the claimed sender
  - They preclude the sender from later claiming that the message is a forgery
- Integrity
  - Digitally signed messages assure the recipient that the message was not altered in transit between the sender and recipient
  - This protects against both malicious and unintentional modifications
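The two use cases listed above (encrypt with the public key and decrypt with the private key; sign with the private key and verify with the public key) and the confidentiality and integrity checks described in the two benefit lists, shown in an added Go example that is not part of the original page. It uses only Go's standard library crypto/rsa, with OAEP padding for encryption and PSS for signatures; the two parties Alice and Bob, the 2048-bit key size and the sample message are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Encrypt uses only the recipient's PUBLIC key (RSA-OAEP with SHA-256), so
// anyone holding the public key can produce ciphertext for that recipient.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// Decrypt needs the recipient's PRIVATE key. OAEP padding is checked during
// decryption, so a modified ciphertext or the wrong key yields an error.
func Decrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Sign hashes the message and signs the digest with the signer's PRIVATE key
// (RSA-PSS with SHA-256).
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature with the signer's PUBLIC key; it returns nil only
// when the message is unchanged and was signed by the matching private key.
func Verify(pub *rsa.PublicKey, message, signature []byte) error {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signature, nil)
}

// DemoResult records the outcome of each check performed by Demo.
type DemoResult struct {
	Decrypted           string // plaintext recovered with the right private key
	WrongKeyRejected    bool   // decrypting with another party's key fails
	TamperedCtRejected  bool   // a modified ciphertext fails to decrypt
	SignatureValid      bool   // genuine signature verifies with the public key
	TamperedMsgRejected bool   // an altered message fails verification
}

// Demo walks through both use cases with two constructed parties (Alice, Bob)
// and a constructed sample message; key size and message are assumptions.
func Demo() (DemoResult, error) {
	var res DemoResult
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return res, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return res, err
	}
	msg := []byte("invoice #42: pay 100 EUR") // constructed sample content
	// Encryption: anyone with Bob's public key can encrypt; only Bob decrypts.
	ct, err := Encrypt(&bob.PublicKey, msg)
	if err != nil {
		return res, err
	}
	pt, err := Decrypt(bob, ct)
	if err != nil {
		return res, err
	}
	res.Decrypted = string(pt)
	// Confidentiality: Alice's private key cannot open content meant for Bob.
	_, err = Decrypt(alice, ct)
	res.WrongKeyRejected = err != nil
	// Integrity of the encrypted message: flip one bit of the ciphertext and
	// the padding check inside OAEP decryption fails.
	tampered := append([]byte(nil), ct...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Decrypt(bob, tampered)
	res.TamperedCtRejected = err != nil
	// Digital signature: Alice signs with her private key; anyone verifies
	// with her public key (authentication and non-repudiation).
	sig, err := Sign(alice, msg)
	if err != nil {
		return res, err
	}
	res.SignatureValid = Verify(&alice.PublicKey, msg, sig) == nil
	// Integrity of the signed message: changing one character breaks it.
	altered := []byte("invoice #42: pay 900 EUR")
	res.TamperedMsgRejected = Verify(&alice.PublicKey, altered, sig) != nil
	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", res)
}
```

Run it with `go run` and the printed struct shows every check passing. The bit-flip test is the concrete form of the "a change causes decryption to fail" statement above: with OAEP the failure comes from the padding check performed during decryption, which is why a padded scheme (rather than raw RSA on its own) should always be used when that integrity property is relied on.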
Further concepts
- Public Key Infrastructure (PKI)