All encryption systems rely on
the concept of a key. A key is the basis for a transformation, usually
mathematical, of an ordinary message into an unreadable message. For
centuries, most encryption systems have relied on what is called private
key encryption. Public key encryption is the only challenge to private
key encryption that has appeared within the last 30 years.
Private key encryption
Private-key encryption
systems use a single key that is shared between the sender and the
receiver. Both must have the key; the sender encrypts the message
by using the key, and the receiver decrypts the message with the same
key. Both must keep the key private to keep their communication private.
This kind of encryption has characteristics that make it unsuitable
for widespread, general use:
- Private key encryption requires a key for every pair of individuals
who need to communicate privately. The necessary number of keys rises
dramatically as the number of participants increases.
- The fact that keys must be shared between pairs of communicators
means the keys must somehow be distributed to the participants. The
need to transmit secret keys makes them vulnerable to theft.
- Participants can communicate only by prior arrangement. No way
exists to send a usable encrypted message to someone spontaneously.
You and the other participant must make arrangements to communicate
by sharing keys.
Private-key encryption is also called symmetric encryption,
because the same key is used to encrypt and decrypt the message.
Public key encryption
Public key encryption
uses a pair of mathematically related keys. A message that is encrypted
with the first key must be decrypted with the second key, and a message
that is encrypted with the second key must be decrypted with the first
key.
Each participant in a public-key system has a pair of
keys. The symmetric (private) key is kept secret. The other key is
distributed to anyone who wants it; this key is the public key.
To
send an encrypted message to you, the sender encrypts the message
by using your public key. When you receive the message, you decrypt
it by using your symmetric key. To send a message to someone, you
encrypt the message by using the recipient's public key. The message
can be decrypted with the recipient's symmetric key only. This kind
of encryption has characteristics that make it very suitable for general
use:
- Public-key encryption requires only two keys per participant.
The increase in the total number of keys is less dramatic as the number
of participants increases, compared to symmetric key encryption.
- The need for secrecy is more easily met. Only the symmetric key
needs to be kept secret and because it does not need to be shared,
the symmetric key is less vulnerable to theft in transmission than
the shared key in a symmetric key system.
- Public keys can be published, which eliminates the need for prior
sharing of a secret key before communication. Anyone who knows your
public key can use it to send you a message that only you can read.
Public-key encryption is also called asymmetric encryption,
because the same key cannot be used to encrypt and decrypt the message.
Instead, one key of a pair is used to undo the work of the other.
With
symmetric key encryption, you have to be careful of stolen or intercepted
keys. In public-key encryption, where anyone can create a key pair
and publish the public key, the challenge is in verifying that the
owner of the public key is really the person you think it is. Nothing
prevents a user from creating a key pair and publishing the public
key under a false name. The listed owner of the public key cannot
read messages that are encrypted with that key because the owner does
not have the symmetric key. If the creator of the false public key
can intercept these messages, that person can decrypt and read messages
that are intended for someone else. To counteract the potential for
forged keys, public-key systems provide mechanisms for validating
public keys and other information with digital certificates and digital
signatures.