It's also known as:
- non-secret encryption
Public key cryptography is used by Internet standards, such as:
- and GPG.
In public key cryptography, Two keys are used:
- one public (that is public, everybody can read it)
- one private (that is kept secret)
They are used for several usage.
An algorithm produce a keypair.
- It selects a private key uniformly at random from a set of possible private keys.
- Acceptable keypairs are created with the help of a large random number.
- the private key is kept secret, decrypt and sign.
The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is unfeasible.
A central problem with the use of public key cryptography is confidence/proof that a particular public key is authentic, in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public key infrastructure (PKI), in which one or more third parties – known as certificate authorities – certify ownership of key pairs through a certificate. See below.
To be able to tell a key's owner, public keys are enriched with attributes (such as names, addresses, and similar identifiers). This packed collection (public key and its attributes) is digitally signed.
Public Key Distribution
Secrecy: ensure that the communication being sent is kept confidential (secrecy) during transit.
A digital signature is a mathematical scheme to prove a message came from a particular sender:
- neither can anyone impersonate the sender
- nor can the sender deny having sent the message.
Some public key algorithms provide:
- key distribution and encryption (e.g., Diffie–Hellman key exchange),
- some provide digital signatures (e.g., Digital Signature Algorithm),
- and some provide both (e.g., rsa).
To achieve both authentication and confidentiality, the sender should;
- include the recipient's name in the message,
- sign it using his private key (ie computes the digital signature for the message)
- encrypt both the message and the signature using the recipient's public key.
- sends the signature together with the message to the intended receiver.
See Public Key
Public key cryptography is often used to secure electronic communication over an open networked environment such as the Internet, without relying on a hidden or covert channel, even for key exchange.
Enveloped Public Key Encryption (EPKE) is often the method used when securing communication on an open networked environment such by making use of the;
- Transport Layer Security (TLS)
- or Secure Sockets Layer (SSL) protocols.
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems.
In 1973, a British cryptographer at the UK Government Communications Headquarters (GCHQ), Clifford Cocks implemented it.
A word about Security
Revocation / replacement - All events requiring revocation or replacement of a public key can take a long time to take full effect with all who must be informed (i.e., all those users who possess that key). For this reason, systems that must react to events in real time (e.g., safety-critical systems or national security systems) should not use public key encryption without taking great care.