5.5.1: Introduction to public-key cryptography

All encryption systems rely on the notion of a key. A key is the basis for a transformation, usually mathematical, of an ordinary message into an unreadable one. For centuries, most encryption systems have relied on what is called private-key encryption. Only within the last 30 years has a challenge to private-key encryption appeared: public-key encryption.

Private-key encryption

Private-key encryption systems use a single key. This requires the sender and the receiver to share the key. Both must have the key; the sender encrypts the message by using the key, and the receiver decrypts the message with the same key. Both must keep the key private to keep their communication private. This kind of encryption has characteristics that make it unsuitable for widespread, general use:

Private-key encryption is also called symmetric encryption, because the same key is used to encrypt and decrypt the message.

Public-key encryption

In the 1970s, a mathematical breakthrough led to the development of another major cryptographic system, public-key encryption. Public-key encryption uses a pair of mathematically related keys. A message encrypted with the first key must be decrypted with the second, and a message encrypted with the second key must be decrypted with the first.

Each participant in a public-key system has a pair of keys. One of these keys is kept secret; this is the private key. The other is distributed to anyone who wants it; this is the public key.

To send an encrypted message to you, the sender encrypts the message by using your public key. When you receive it, you decrypt it by using your private key. When you wish to send a message to someone, you encrypt it by using the recipient's public key. The message can be decrypted only with the recipient's private key. This kind of encryption has characteristics that make it very attractive for general use:

Public-key encryption is also called asymmetric encryption, because the same key cannot be used to encrypt and decrypt the message. Instead, one key of a pair is used to undo the work of the other. WebSphere Application Server uses the RSA public/private key-encryption algorithm.

With private-key encryption, you have to be careful of stolen or intercepted keys. In public-key encryption, where anyone can create a key pair and publish the public key, the challenge is in verifying that the owner of the public key really is the person you think it is. There is nothing to stop a user from creating a key pair and publishing the public key under a false name. The person listed as the owner of the public key will not be able to read messages encrypted with that key because he or she will not have the private key. If the creator of the false public key can intercept these messages, that person can decrypt and read messages intended for someone else.

To counteract the potential for forged keys, public-key systems provide mechanisms for validating public keys (and other information) with digital signatures and digital certificates.
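
The key-pair behavior and the false-name problem described above, as an added example that is not part of the original page or of WebSphere Application Server: textbook RSA on small constructed primes with no padding. The names make_key_pair, apply_key and demo, the primes and the sample message are assumptions chosen for illustration.

```python
# Added illustration: textbook RSA on small constructed primes, no padding.
# Not how a production system (or WebSphere) performs RSA.
from math import gcd


def make_key_pair(p, q, e=17):
    """Build (public_key, private_key) from two primes; each key is (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # d undoes e: e*d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, blocks):
    """Transform each integer block with one key of a pair."""
    exponent, n = key
    if any(not 0 <= b < n for b in blocks):
        raise ValueError("every block must be smaller than the modulus")
    return [pow(b, exponent, n) for b in blocks]


def demo():
    message = list(b"Account 42")  # constructed sample; one block per byte
    bob_public, bob_private = make_key_pair(61, 53)

    # Encrypt with one key of the pair, decrypt with the other (both directions).
    to_bob = apply_key(bob_public, message)
    from_bob = apply_key(bob_private, message)
    results = {
        "public_then_private": apply_key(bob_private, to_bob) == message,
        "private_then_public": apply_key(bob_public, from_bob) == message,
        # The same key cannot undo its own work.
        "public_then_public": apply_key(bob_public, to_bob) == message,
    }

    # A key pair published under a false name: a third party's public key is
    # listed as Bob's. Bob's real private key does not recover the message;
    # the private key of whoever created the pair does.
    other_public, other_private = make_key_pair(47, 59)
    misdirected = apply_key(other_public, message)
    results["named_owner_can_read"] = apply_key(bob_private, misdirected) == message
    results["key_creator_can_read"] = apply_key(other_private, misdirected) == message
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Nothing in the arithmetic ties a public key to a name, which is the gap that digital signatures and digital certificates are meant to close.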