(Public Key Cryptography|Asymmetric Cipher)

About

Public key cryptography is a cryptographic system from the 1970s that uses pairs of keys.

It's also known as:

Public key cryptography is used by Internet standards, such as:

The public key cryptographic scheme is often used to exchange an on-the-fly symmetric key that is used only for the current session, because symmetric encryption performs much better.

Concept

Keypair

In public key cryptography, two keys are used:

  • one public (that is public, everybody can read it)
  • one private (that is kept secret)

They serve several purposes.

An algorithm produces a keypair.

  • It selects a private key uniformly at random from a set of possible private keys.
  • Acceptable keypairs are created with the help of a large random number.

Public Key Crypto Pair Key Creation

In short:

  • the public key is used to encrypt and to verify a signature;
  • the private key is kept secret and is used to decrypt and to sign.

The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is unfeasible.

Public Key Authenticity

PKI

A central problem with the use of public key cryptography is confidence/proof that a particular public key is authentic, in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public key infrastructure (PKI), in which one or more third parties – known as certificate authorities – certify ownership of key pairs through a certificate. See below.

Certificate

To be able to tell a key's owner, public keys are enriched with attributes (such as names, addresses, and similar identifiers). This packed collection (public key and its attributes) is digitally signed.

The resulting object model is called a certificate and is signed by a certificate authority (CA). This procedure is called the public key infrastructure (PKI). This is a hierarchical trust model.

The certificate has no role in the encryption. It's a document signed by a trusted Certificate Authority (CA), which ensures that the party you are communicating with is who you think it is.

Public Key Distribution

See public key distribution.

Usage

Secrecy

Secrecy: ensure that the communication being sent is kept confidential (secrecy) during transit.

More:

Digital Signature

A digital signature is a mathematical scheme to prove a message came from a particular sender:

  • neither can anyone impersonate the sender
  • nor can the sender deny having sent the message.

Authentication

The digital signature can be used for sender/receiver authentication.

Non-repudiation

The digital signature can be used for non-repudiation.

Procedure

Some public key algorithms provide:

To achieve both authentication and confidentiality, the sender should:

  • include the recipient's name in the message,
  • sign it using their private key (i.e. compute the digital signature for the message),
  • encrypt both the message and the signature using the recipient's public key,
  • send the signature together with the message to the intended receiver.
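
The steps above as an added Python example (not code from the original page): the sender names the recipient, signs, then encrypts message and signature together, with the bulk data encrypted under an on-the-fly session key wrapped with the recipient's public key, as described in the About section. The textbook RSA on small Mersenne primes, the SHA-256 XOR keystream, and the names `seal`, `open_sealed`, Alice and Bob are assumptions chosen for illustration, not a production scheme.

```python
import hashlib, json, secrets

E = 65537  # widely used RSA public exponent

def keypair(p, q):
    """Toy RSA keypair from two known primes; far too small for real use."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def _xor_stream(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    blocks = (hashlib.sha256(f"{key}:{i}".encode()).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(text, recipient, sender_private, recipient_public):
    # Steps 1-2: name the recipient, then sign with the sender's private key.
    body = json.dumps({"to": recipient, "text": text}).encode()
    signed = json.dumps({"body": body.decode(), "sig": sign(body, sender_private)}).encode()
    # Step 3: encrypt both, using a fresh session key wrapped with the recipient's public key.
    n, e = recipient_public
    session_key = secrets.randbelow(n - 2) + 2
    return pow(session_key, e, n), _xor_stream(session_key, signed)

def open_sealed(sealed, my_name, my_private, sender_public):
    wrapped, ciphertext = sealed
    n, d = my_private
    try:
        signed = json.loads(_xor_stream(pow(wrapped, d, n), ciphertext))
        body = signed["body"].encode()
        if not verify(body, signed["sig"], sender_public):
            return None  # not signed by the claimed sender
        message = json.loads(body)
        return message["text"] if message["to"] == my_name else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # wrong key or modified ciphertext

ALICE_PUB, ALICE_PRIV = keypair(2**127 - 1, 2**89 - 1)  # constructed demo keys
BOB_PUB, BOB_PRIV = keypair(2**107 - 1, 2**61 - 1)      # constructed demo keys
```

The recipient check in `open_sealed` is what the first step buys: a validly signed message is accepted only by the party it was addressed to.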

Management

See Public Key

Application

Public key cryptography is often used to secure electronic communication over an open networked environment such as the Internet, without relying on a hidden or covert channel, even for key exchange.

Enveloped Public Key Encryption (EPKE) is often the method used when securing communication on an open networked environment, such as by making use of the:

  • Transport Layer Security (TLS)
  • or Secure Sockets Layer (SSL) protocols.

Implementation / Algorithm

Implementations by chronological order

RSA

RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems.

In 1973, Clifford Cocks, a British cryptographer at the UK Government Communications Headquarters (GCHQ), implemented it.

DH

Diffie–Hellman key exchange

DSA

DSA keys (Digital Signature Algorithm) can only be used for signing and verifying, not for encryption.

A word about Security

Revocation / replacement - All events requiring revocation or replacement of a public key can take a long time to take full effect with all who must be informed (i.e., all those users who possess that key). For this reason, systems that must react to events in real time (e.g., safety-critical systems or national security systems) should not use public key encryption without taking great care.
