Secret Key/Public Key


Traditional cryptography is based on a secret-key. A sender who wants to send an encrypted message to someone encrypts it with a secret-key, and the receiver decrypts it with the same secret-key. Obviously, both the sender and the receiver of that message have to know the same secret-key. This method is known as secret-key or symmetric cryptography. The main problem is that the sender and the receiver have to agree on the secret-key, and they have to use a secure channel to exchange it. So they could use a trustworthy courier, a phone system or... the sender could encrypt the secret-key! Well, but how can the sender encrypt the secret-key? The receiver couldn't decrypt it, because he doesn't know the secret-key! So, they could use the phone system, of course, but someone could tap the telephone wires... Well, they could use a trustworthy courier, of course, but that courier may be bribed...

For these reasons another cryptography system was invented: the public-key cryptography system (also called an asymmetric cryptosystem). The concept of public-key cryptography was introduced in 1976 by Whitfield Diffie and Martin Hellman. Well, but how does this system work? Simple: each person gets a pair of keys, one called the public-key and the other called the private-key (private-key and secret-key are synonymous here). Each person's public-key is published - so whoever wants to use it can do so - while the private-key is kept secret. That's all! No secret information has to travel from the sender to the receiver any longer. So, if you want to send someone an encrypted message, all you have to do is encrypt it with his public-key. The receiver of that message can decrypt it by using his private-key. In other words: there is a connection between a public-key and its corresponding private-key. Nobody can recover the private-key from its corresponding public-key! So, only the intended recipient of an encrypted message can decrypt it by means of his private-key!

It's great, isn't it? Well, unfortunately there is a problem: is this public-key really associated with the real user to whom I want to send an encrypted message? For example: I want to publish my public-key 'MikeyMouse'. I put it on the net and I say: 'Hello! This is my public-key: MikeyMouse. Send me a message!'. Then some nasty guy replaces my public-key with his public-key 'nasty-key'. So my announcement becomes: 'Hello! This is my public-key: nasty-key. Send me a message!'. Now suppose you would like to send me an encrypted message. You don't know my real public-key 'MikeyMouse' and you believe that my real public-key is 'nasty-key'. Well, you send that message, encrypting it with the public-key 'nasty-key'. What happens then? Simple: the 'nice' guy catches your message, decrypts it by means of his private-key (he can do that, because you encrypted it with his public-key 'nasty-key'!), reads it, then encrypts it again, using my real public-key this time. So I receive your message and decrypt it by means of my private-key (which nobody but me knows!) and nobody notices anything! So, you must be sure of a public-key before you use it. In other words, that public-key must be authenticated.
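
The substitution described above, and the check that stops it, can be followed step by step with a toy RSA in Python. This is an added example, not part of the original page: the tiny primes, the message value 1234 and all function names are assumptions made for illustration, and comparing a key fingerprint obtained over a separate trusted channel is one common way to authenticate a public-key.

```python
import hashlib

# Toy textbook RSA with tiny constructed primes: for illustration only, not secure.
def make_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public-key, private-key)

def encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)

def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)

def fingerprint(public_key):
    """Short digest of a public-key, to be compared over a separate trusted channel."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]

def send(message, published_key, trusted_fingerprint=None):
    """Encrypt to the published key; refuse if it fails the fingerprint check."""
    if trusted_fingerprint is not None and fingerprint(published_key) != trusted_fingerprint:
        raise ValueError("public-key not authenticated: fingerprint mismatch")
    return encrypt(published_key, message)

real_pub, real_priv = make_keypair(61, 53)    # stands in for the 'MikeyMouse' pair
nasty_pub, nasty_priv = make_keypair(67, 71)  # stands in for the 'nasty-key' pair

def unauthenticated_exchange(message):
    """The scenario from the text: the published key was swapped and nobody checks."""
    c = send(message, nasty_pub)              # sender trusts whatever is published
    read_by_third_party = decrypt(nasty_priv, c)
    forwarded = encrypt(real_pub, read_by_third_party)
    return read_by_third_party, decrypt(real_priv, forwarded)

def authenticated_exchange(message):
    """Same swap, but the sender holds a fingerprint obtained from the key's owner."""
    try:
        send(message, nasty_pub, trusted_fingerprint=fingerprint(real_pub))
    except ValueError:
        return "rejected"
    return "sent"
```

Without the fingerprint both the third party and the intended receiver end up with the plaintext; with it, the sender refuses to encrypt to the substituted key.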


Copyright (c) 1998-2006 Wowarea