Public key cryptography is a cryptographic system from the 70's that uses pairs of keys
It's also known as:
Public key cryptography is used by Internet standards, such as:
The public key cryptographic scheme is often used to exchange an on-the-fly symmetric key, which will only be used for the current session because it's much more performance efficient
In public key cryptography, Two keys are used:
They are used for several usage.
An algorithm produce a keypair.
In short:
The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is unfeasible.
A central problem with the use of public key cryptography is confidence/proof that a particular public key is authentic, in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public key infrastructure (PKI), in which one or more third parties – known as certificate authorities – certify ownership of key pairs through a certificate. See below.
To be able to tell a key's owner, public keys are enriched with attributes (such as names, addresses, and similar identifiers). This packed collection (public key and its attributes) is digitally signed.
The resulting object model is called a certificate and is signed by a certificate authority (CA). This procedure is called the public key infrastructure (PKI). This is a hierarchical trust model.
The certificate has no role in the encryption. It's a signed document (by a trusted Certificate Authority (CA)) which, ensures that the party you are communicating with is whom you think.
Secrecy: ensure that the communication being sent is kept confidential (secrecy) during transit.
More:
A digital signature is a mathematical scheme to prove a message came from a particular sender:
The digital signature can be used for sender/receiver authentication
The digital signature can be used for non-repudiation
Some public key algorithms provide:
To achieve both authentication and confidentiality, the sender should;
See Public Key
Public key cryptography is often used to secure electronic communication over an open networked environment such as the Internet, without relying on a hidden or covert channel, even for key exchange.
Enveloped Public Key Encryption (EPKE) is often the method used when securing communication on an open networked environment such by making use of the;
Implementations by chronological order
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems.
In 1973, a British cryptographer at the UK Government Communications Headquarters (GCHQ), Clifford Cocks implemented it.
DSA keys (Digital Signature Algorithm) can only be used for signing and verifying, not for encryption.
Revocation / replacement - All events requiring revocation or replacement of a public key can take a long time to take full effect with all who must be informed (i.e., all those users who possess that key). For this reason, systems that must react to events in real time (e.g., safety-critical systems or national security systems) should not use public key encryption without taking great care.