
Public Key Encryption

 

Historical background

The public key algorithm was first invented secretly in the early 1970s by Clifford Cocks, a mathematics graduate working at GCHQ in the UK.

In 1976, Professor Ronald Linn Rivest, Adi Shamir and Leonard Adleman reinvented the public key algorithm; it was named RSA after their initials and published in 1976. RSA is still used in public-key encryption and is believed to be secure when long keys are used. Although it remains the most popular algorithm, several other algorithms were developed over time.

Taher ElGamal invented the ElGamal algorithm in 1984.

In about 1989, Neal Koblitz developed his hyperelliptic curve cryptography algorithm, based on elliptic curves. This algorithm was not found to be as effective and secure as RSA, so it was not implemented as widely.


What is public key encryption?

Public key encryption is an encryption method using two types of keys: a public key and a private key.

The public key is a key made available to all computers wanting to communicate with the receiving computer. Public keys can be made available on websites or sent via email.

On the other hand, the private key is known only to the receiving computer.

 


How is data sent using public key encryption?

The sender encrypts the data using its private key, and then encrypts the private key using the receiver's public key.

The receiver then uses its private key to decrypt the sender's private key, and then uses this key to decrypt the document.

Note that unauthorised users cannot access the sender's private key, since it can only be decrypted with the receiving computer's private key; this is why the scheme is very secure. In addition, knowing one of the keys should not make it possible to work out the other.

Digital signatures are also used for authentication, i.e. making sure that the data was sent by a "trusted source". Other methods of authentication include:

passwords

pass cards

fingerprint scan

retina scan

face scan

voice identification

When used on a large scale, digital certificates are used. A certificate authority confirms whether the web server is trusted, and that every computer is who it claims to be. Once confirmed, the certificate authority provides the computers' public keys to one another.


Hashing algorithms

Keys in public key encryption are created using hash values. The hash algorithm is performed on an original value, and the result is used as the key.

A very basic example is:

Input number    Hashing algorithm    Hash value
32,569          input # x 138        4,494,522

If the input number and the hashing algorithm are not known, it is very difficult to determine where the hash value came from, so unauthorised users will not be able to crack the data.

Of course, public key generation is more complex than this. Normally very large numbers (40-bit or 128-bit hash values) are used, which makes them very difficult to crack.


Validation and verification of data

While data is being transferred, it may be corrupted, thus when received it is checked. The two most popular checking algorithms are:

Checksum:

A checksum is an algorithm that checks a whole block of data for corruption. In general, the bytes of a message are added up, and the result is stored.

 

When the data is received, the checksum is computed again and compared with the transmitted one. If they differ, the data is known to be corrupted; otherwise it is assumed to be intact.

CRC - Cyclic Redundancy Check:

Like a checksum, a CRC is computed before the data is sent and again when it is received, to check for data loss or corruption. A CRC is similar to a checksum but more effective: it uses polynomial division and is simple to implement in binary hardware. CRCs are very effective against the common errors caused by interference on transmission channels.
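As an added example (not part of the original page), the two checks described above side by side: a byte-sum checksum and a CRC-32 computed by binary polynomial division, run over a constructed message and two constructed corruptions of it, one of which the plain checksum misses.

```python
import zlib

CRC32_POLY = 0xEDB88320  # reflected form of the CRC-32 (IEEE 802.3) generator polynomial

def byte_sum_checksum(data: bytes) -> int:
    """Simplest checksum: add up all bytes and keep the low 16 bits."""
    return sum(data) & 0xFFFF

def crc32(data: bytes) -> int:
    """CRC-32 by bitwise polynomial division over GF(2), one bit per step."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            # If the low bit is set, "subtract" (XOR) the generator polynomial.
            crc = (crc >> 1) ^ CRC32_POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF

def verify(received: bytes, sent_sum: int, sent_crc: int) -> dict:
    """Receiver side: recompute both checks and report which still match."""
    return {
        "checksum_ok": byte_sum_checksum(received) == sent_sum,
        "crc_ok": crc32(received) == sent_crc,
    }

# Constructed sample message and the values the sender would transmit with it.
MESSAGE = b"TRANSFER 1000 TO ACCOUNT 42"
SENT_SUM = byte_sum_checksum(MESSAGE)
SENT_CRC = crc32(MESSAGE)

# Constructed corruption 1: one flipped bit in the first byte. Both checks catch it.
BIT_FLIP = bytes([MESSAGE[0] ^ 0x01]) + MESSAGE[1:]
# Constructed corruption 2: two digits swapped. The byte sum is unchanged, so the
# checksum still passes; the CRC, which depends on byte order, does not.
SWAPPED = MESSAGE.replace(b"ACCOUNT 42", b"ACCOUNT 24")

if __name__ == "__main__":
    assert crc32(MESSAGE) == zlib.crc32(MESSAGE)  # cross-check against the standard library
    print("bit flip:", verify(BIT_FLIP, SENT_SUM, SENT_CRC))
    print("swapped: ", verify(SWAPPED, SENT_SUM, SENT_CRC))
```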


Secure Socket Layer - SSL

The most famous implementation of public key encryption is Secure Socket Layer (SSL). It is nowadays used extensively, by both Netscape and Internet Explorer, and in fact it has become part of the transport layer. It is also known as Transport Layer Security (TLS).

The URL of an SSL-enabled website starts with https:// instead of http://.

What happens when two computers start a secure session is that:

Computer A creates a private key.

It sends this key to computer B, which wants to communicate with it, using B's public key.

The computers then communicate using computer A's private key.

After the communication session ends, the private key is discarded.

Since a new key is created every time a communication session starts, it is less likely that an unauthorised user will manage to discover it, thus making the communication more secure.
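As an added example (not code from the original page), the session-key exchange above and the "How is data sent" section are carried out with textbook RSA on deliberately tiny constructed primes so every step is visible; the per-session key that the text calls computer A's private key is handled here as a symmetric session key, and the symmetric cipher is a SHA-256 counter keystream chosen for illustration.

```python
import hashlib
import secrets

def rsa_keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA key pair ((n, e), (n, d)) from two primes (constructed below)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def rsa_encrypt(pub: tuple, m: int) -> int:
    n, e = pub
    return pow(m, e, n)

def rsa_decrypt(priv: tuple, c: int) -> int:
    n, d = priv
    return pow(c, d, n)

def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR the data with a SHA-256 counter keystream from the key."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(session_key + offset.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def send_session(receiver_pub: tuple, plaintext: bytes) -> tuple:
    """Computer A: create a fresh session key, wrap it under B's public key,
    encrypt the data with it. The key is discarded when the session ends."""
    session_key = secrets.token_bytes(4)  # 4 bytes so it fits under the toy modulus
    wrapped = rsa_encrypt(receiver_pub, int.from_bytes(session_key, "big"))
    return wrapped, keystream_xor(session_key, plaintext)

def receive_session(receiver_priv: tuple, wrapped: int, ciphertext: bytes) -> bytes:
    """Computer B: unwrap the session key with its private key, then decrypt."""
    session_key = rsa_decrypt(receiver_priv, wrapped).to_bytes(4, "big")
    return keystream_xor(session_key, ciphertext)

# Constructed toy primes for B's key pair; real keys use primes of about 1024 bits each.
B_PUB, B_PRIV = rsa_keygen(p=1000003, q=1000033)

if __name__ == "__main__":
    wrapped, ct = send_session(B_PUB, b"hello from computer A")
    print(receive_session(B_PRIV, wrapped, ct))
```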

 

 
Hosted by www.Geocities.ws
