Public Key Cryptography

3 mins read

As mentioned in the previous article on encryption, in an Asymmetric Key Encryption, two mathematically compatible keys are generated in such a way that one key is used for encryption and the other key is used for decryption. Thus, text encrypted with one key can be decrypted with the other key and vice-versa. This is also called as Public Key Encryption or Public Key Cryptography. The keys are generated using mathematical algorithms. The shared key between two persons is also generated mathematically based on the two sets of public and private keys as shows below.

In 1976, Whitfield Diffie and Martin Hellman who, influenced by Ralph Merkle’s work on public key distribution, came out with the first widely known Asymmetric Key Encryption. The process came to be known as Diffie-Hellman Key Exchange. Later on Ron Rivest, Adi Shamir and Leonard Adleman came out with the RSA algorithm in 1977 which is also an Asymmetric Key Encryption.

Public Key Cryptography - Key Generation
Public Key Cryptography - Shared Private Keys

Suppose Alice has generated two mathematically compatible keys Private Key and Public Key. Now, if Bob wants to send an encrypted message to Alice, Bob can encrypt it with Public Key of Alice. Thus, for getting messages from Bob, Alice will share her Public Key with Bob. Now, Bob will encrypt the message with Public Key of Alice. Now the message cannot be opened with Public Key anymore and needs Private Key for decryption. Since only Alice will have the Private Key with her, only Alice can decrypt and read the contents of the message. Now, if Alice makes public her Public Key, anyone can encrypt messages with it and send them to Alice. So whenever anyone sends an encrypted message to him, only he will be able to read it by using her Private Key.

Public Key Cryptography - Message Sharing
Arrows indicate the flow of data.

On the other hand, if Alice has to send a message to Bob, she can encrypt it with the Private Key of her friend and her friend will be able to decrypt it and read the contents.

On the other hand, if Alice wants to send a message to all her friends, she can encrypt it with her Private Key and her friends will be able to decrypt the message using her Public Key which Alice would have already shared with her friends.

Public Key Cryptography - Broadcast Message

As illustrated above, in the pair of mathematically compatible keys, one keys is the private key and the other one is the public key. The private key is known only to the owner of the key and he makes public his public key for everyone to send/receive encrypted messages to/from him.

Digital Signature

Public Key Cryptography can also be used for something known as Digital Signatures to verify the authenticity of messages. Here, Alice wants to send a message to Bob. Alice will calculate the hash of the message and encrypt it with her private key. This encrypted hash will be appended to the end of the actual message by Alice. This process is called signing. Now, Bob will receive the message as well as the encrypted hash. Bob will verify the sign by decrypting and obtaining the hash and compare it with a freshly generated hash of the message. If the hash obtained by decrypting the hash and the freshly calculated hash of the obtained message match, the message is authentic. Any tampering with the message will invalidate the Digital Signature.

Digital Signature
Arrows indicate the flow of data.

Pretty Good Privacy (PGP)

Another application of Public Key Cryptography is what is known as Pretty Good Privacy (PGP). It was invented by Phil Zimmermann. It ensures integrity, privacy, authentication, and non-repudiation in the sending data. In PGP, a one time secret key is used for symmetric encryption. This key is used for encrypting the digitally signed message by the sender. Also, this key is encrypted by using the public key of receiver and the encrypted one time key is sent to the receiver. The encryption and decryption in PGP works as below.


PGP - Encryption
Arrows indicate the flow of data.


PGP - Decryption
Arrows indicate the flow of data.

Since anyone can generate a public and private key, the question arises as to how to verify if a particular key belongs to a person or not. For this, a Public Key Infrastructure (PKI) is put in place. PKI allows users to engage in secure communication and helps in establishing the identity of people, devices, and services. PKI is a set of hardware, software, policies, roles, etc which are used to create, distribute, store, delete, manage, verify Digital Certificates (which contain the keys). An entity called Certificate Authority (CA) handles key management and gives private keys to the user and publishes the public keys for usage by others.

For Wikipedia entry on Public Key Cryptography, click here.

For more posts on Cybersecurity, click here.

For more posts in The Cyber Cops project, click here.