Figure 14-3 Simple Public Key Encryption
Public key encryption is used to establish secure communications over the Internet (via HTTPS). A website’s SSL/TLS certificate, which is shared publicly, contains the public key, and the private key is installed on the web server.

A TLS handshake uses a public key to authenticate the identity of the origin server and to exchange data that is used for generating the session keys. A key exchange algorithm, such as Rivest–Shamir–Adleman (RSA), uses the public/private key pair to agree on session keys, which are used for symmetric encryption when the handshake is complete. Clients and servers can agree on new session keys for each communication session, so that bad actors who identify or steal one session key are unable to decrypt the communications of any other session.
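The exchange just described, as an added example that is not part of the original text: the client generates a fresh random session key, wraps it under the public key the server's certificate would carry (RSA-OAEP), the server unwraps it with the private key installed on it, and both sides then use the session key for symmetric AES-GCM encryption. The OAEP label, the sample request and the key size are constructed for the example; a real TLS handshake adds certificate validation and derives several keys from the exchanged secret, which is left out here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed OAEP label; client and server must agree on it.
var oaepLabel = []byte("demo-session-key")

// WrapSessionKey is the client side of an RSA key exchange: generate a fresh
// random 256-bit session key and encrypt it under the server's public key
// (the key carried in its certificate) with RSA-OAEP. Only the holder of the
// matching private key can recover it.
func WrapSessionKey(pub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, oaepLabel)
	return sessionKey, wrapped, err
}

// UnwrapSessionKey is the server side: the private key installed on the web
// server decrypts the wrapped session key.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

// aead builds the symmetric cipher used once the handshake is complete:
// AES-256-GCM under the agreed session key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record; the random nonce is prepended to the ciphertext.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts one record; it fails if the record was altered in transit.
func Open(key, record []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

// RunSession walks one complete session: the client wraps a fresh key for the
// server, the server unwraps it, and one record is sent and decrypted. It
// returns the recovered plaintext and the session key the server derived.
func RunSession(srv *rsa.PrivateKey, clientMsg []byte) (recovered, sessionKey []byte, err error) {
	clientKey, wrapped, err := WrapSessionKey(&srv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	serverKey, err := UnwrapSessionKey(srv, wrapped)
	if err != nil {
		return nil, nil, err
	}
	record, err := Seal(clientKey, clientMsg)
	if err != nil {
		return nil, nil, err
	}
	recovered, err = Open(serverKey, record)
	return recovered, serverKey, err
}

func main() {
	srv, err := rsa.GenerateKey(rand.Reader, 2048) // the web server's key pair
	if err != nil {
		panic(err)
	}
	got, key, err := RunSession(srv, []byte("GET /index.html HTTP/1.1")) // constructed request
	if err != nil {
		panic(err)
	}
	fmt.Printf("session key prefix %x, server read: %s\n", key[:4], got)
}
```

Running two sessions against the same server key pair yields two unrelated session keys, which is the property the paragraph relies on: a stolen session key exposes only that session. A wrapped key can only be opened with the private key that matches the public key it was wrapped under, and because the record layer is authenticated (GCM), a record modified in transit is rejected rather than silently decrypted to garbage.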
Data Integrity (One-Way Hash)
As data and documents move across networks or storage devices, it is crucial to ensure that this data is identically maintained during any operation.

In the case of data transfer, data flowing between applications in a public network environment can flow across many network elements, each of which can “see” the data. Encryption ensures that even though these elements can see the data, they cannot understand the data. But because the data can flow across nodes that you do not control, there is a risk that a node in the network could alter the data before it reaches the destination.
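The check the heading names, as an added example that is not part of the original text: the sender computes a SHA-256 one-way hash before the data leaves, the destination recomputes it over what arrived, and any alteration along the way, even a single bit, produces a different digest. The example goes one step beyond the heading by also showing the keyed form (HMAC), which is what the "node you do not control" case calls for: a node that can rewrite the data can also recompute a plain digest, but not one that requires a secret it does not hold. The sample document, the shared secret and the `Tamper` helper are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Digest is the one-way hash computed by the sender before the data leaves:
// a fixed 256-bit value, hex encoded, from input of any length.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Verify runs at the destination: recompute the digest over what arrived and
// compare it to the sender's value. Any change to the data changes the digest,
// so the comparison fails. The constant-time compare avoids leaking how many
// bytes matched.
func Verify(data []byte, expectedHex string) bool {
	want, err := hex.DecodeString(expectedHex)
	if err != nil {
		return false
	}
	got := sha256.Sum256(data)
	return subtle.ConstantTimeCompare(got[:], want) == 1
}

// Tag is the keyed variant (HMAC-SHA256). A plain digest only detects
// alteration by a node that cannot also replace the digest; when the digest
// travels across nodes you do not control, key it so that recomputing it
// requires a secret the intermediate node does not hold.
func Tag(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// VerifyTag checks an HMAC in constant time.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

// Tamper simulates an intermediate node changing one byte (constructed helper).
func Tamper(data []byte, offset int) []byte {
	out := append([]byte(nil), data...)
	out[offset] ^= 0x20 // flips the case of an ASCII letter
	return out
}

func main() {
	doc := []byte("invoice 1042: pay 500 to account 7781") // constructed sample document
	d := Digest(doc)
	altered := Tamper(doc, 0)
	fmt.Println("digest:           ", d)
	fmt.Println("original verifies:", Verify(doc, d))
	fmt.Println("altered verifies: ", Verify(altered, d))

	key := []byte("constructed-shared-secret")
	tag := Tag(key, doc)
	fmt.Println("HMAC on original: ", VerifyTag(key, doc, tag))
	fmt.Println("HMAC on altered:  ", VerifyTag(key, altered, tag))
}
```

The digest is the same length whether the input is empty or gigabytes long, and it is compared with `subtle.ConstantTimeCompare` / `hmac.Equal` rather than `==` so that verification time does not depend on where the first differing byte is.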