Cryptography in Action 63
The concept of public key cryptography was intended as a way to over-
come the key management problems inherent in previous systems. In the
system each user who is enrolled receives a pair of keys called the public
key and the private key. Each person’s public key is published whereas
the private key is kept secret. By creating the keys this way, the need for a
shared key as symmetric is eliminated. This option also secures the com-
munication against eavesdropping or betrayal. Additionally this system of
generating keys provides a means of nonrepudiation that is not possible
with symmetric systems.Both keys can be used to encrypt, but when either key is used only the other key can
reverse it. For example, if you were to encrypt a message with my public key I am the only
one who could decrypt it since I have the private key that can open it. The reverse is true as
well.
The only requirement is that public keys must be associated with their users in a trusted
manner. With PKI, anyone can send a confidential message by using public information,
though the message can be decrypted only with the private key in the possession of the
intended recipient. Furthermore, public key cryptography meets the needs for privacy and
authentication.
How Does It Work?
We use the names Alice and Bob in our examples in this chapter. These
names are not randomly chosen, however. They are commonly used when
referring to the parties involved in any cryptographic transaction as an
example.In our example Alice wants to send a message to Bob and keep it secret at the same time.
To do so Alice will locate Bob’s public key and use it to encrypt her message. Once she
sends the message to Bob, he will use his private key to decrypt the message. No interme-
diate party will be able to view the message since only one person, Bob, has the means to
decrypt it.
If the other key is used—the private key—then a process using digital signatures
becomes possible. Since anything encrypted with the private key can be reversed only with
the public key and only one person holds, or should hold, the corresponding private key,
then the identity of the encrypting party can be assured.
Signing an electronic message involves the following process: In our example Alice will
create a message and then perform a special type of mathematical computation against it;
then she will use her private key to complete the operation. If Bob receives the message, he
will simply retrieve Alice’s public key and use it to verify that the private key was used. If
the process can be reversed with the key, that means it came from Alice; if it can’t, then it
didn’t come from Alice.