Public Key Security: Difference between revisions

From NovaOrdis Knowledge Base
Line 36: Line 36:
===Public Key===
===Public Key===


A ''public key'' is widely disseminated, shared with any party and used to [[#Encryption|encrypt]] data. Data such encrypted can be only decrypted by matching [[#Private_Key|private key]]. The public key can also be used to verify a signature - data encrypted with a specific private key can only be decrypted with the matching public key.
A public key is widely disseminated, shared with any party and used to encrypt data. Data such encrypted can be only decrypted by matching [[#Private_Key|private key]]. The public key can also be used to verify a signature - data encrypted with a specific private key can only be decrypted with the matching public key.


===Private Key===
===Private Key===
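
Review bot: the revised Public Key paragraph drops the `[[#Encryption|encrypt]]` anchor but keeps `[[#Private_Key|private key]]`, so one term in the sentence is linked and the other is not; restore the anchor or note in the edit summary why it was removed. The carried-over sentence "Data such encrypted can be only decrypted by matching private key" also still needs its grammar fixed, for example "Data encrypted this way can only be decrypted with the matching private key".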

Revision as of 00:09, 8 April 2018

Internal

Overview

Asymmetric Cryptography

Asymmetric cryptography or public key cryptography is a cryptographic system that uses pairs of keys: public keys, which may be disseminated publicly and widely, and private keys that are known only to the owner, to provide authentication and encryption.

Authentication

The authentication function is provided by using the public key of the counterpart to verify that a message was indeed signed with the counterpart's private key. This mechanism works because the private key that signed the message cannot belong to anyone other than the counterpart whose public key was used for verification. This proof is considered sufficient to ensure that the counterpart is who it claims to be.

Encryption

The encryption function is provided by using the public key of the recipient to encrypt the message. The message thus encrypted can only be decrypted by the corresponding private key, available only to the recipient. Nobody else can decrypt the message.
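
The authentication and encryption functions described above, as an added Go example that is not part of the original page: the recipient's public key encrypts and the sender's private key signs. The choice of RSA with OAEP and PSS padding, the 2048-bit key size, the sample message and all function and variable names are assumptions made for illustration.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair generates a matching private/public key pair (2048-bit RSA, an assumed size).
func newKeyPair() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// encryptFor encrypts msg with the recipient's public key (RSA-OAEP).
func encryptFor(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// decryptWith recovers the message; it fails unless priv matches the key used to encrypt.
func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// sign produces a signature over SHA-256(msg) with the sender's private key (RSA-PSS).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verify reports whether sig was made over msg by the private key matching pub.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	sender, recipient, other := newKeyPair(), newKeyPair(), newKeyPair()
	msg := []byte("constructed sample message")
	ct, _ := encryptFor(&recipient.PublicKey, msg)
	pt, _ := decryptWith(recipient, ct)
	_, wrongKeyErr := decryptWith(other, ct)
	fmt.Printf("recipient decrypts %q; other key fails: %v\n", pt, wrongKeyErr != nil)
	sig, _ := sign(sender, msg)
	fmt.Println("sender's key verifies:", verify(&sender.PublicKey, msg, sig), "other key verifies:", verify(&other.PublicKey, msg, sig))
}
```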

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) is a set of roles, policies and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public key cryptography. The components of the architecture are aimed at binding public keys with respective identities of entities owning those public keys, such as people or organizations. The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).

Certificate Authority (CA)

Registration Authority (RA)

Validation Authority (VA)

Certificate

Key Pair

A key pair consists of two separate but matching cryptographic keys: a public key and a private key.

Public Key

A public key is widely disseminated, shared with any party and used to encrypt data. Data encrypted this way can only be decrypted with the matching private key. The public key can also be used to verify a signature: data encrypted with a specific private key can only be decrypted with the matching public key.

Private Key

The private key is kept secret, and it is used to decrypt data that was encrypted with the matching public key.

X.509

X.509 is an ITU-T standard for a public key infrastructure (PKI). It specifies the format of certificates. For more details, see:

X.509

SSL/TLS

Transport Layer Security (TLS) is the successor of Secure Sockets Layer (SSL). They are both cryptographic protocols designed to provide communications security over a computer network. The client/server pair uses a symmetric key to encrypt the communication. The symmetric key is unique and generated for each connection, as part of a protocol exchange that involves the pair's public and private keys, using asymmetric cryptography. For more details, see:

SSL/TLS