public key
What is a public key?
In cryptography, a public key is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.
A public key is also used to encrypt a message or check the legitimacy of a digital signature. It is accompanied by a corresponding private key, which is known only to its owner. Private keys are used to decrypt messages that were created with the corresponding public key or to create signatures. In other words, a public key locks up data from unauthorized use, while a private key is used to unlock it.
Public keys are available from a certificate authority, which issues digital certificates that prove the owner's identity and contain the owner's public key. Public keys are created using an asymmetric algorithm, which pairs the public key with an associated private key. The most common algorithms used to generate public keys are Rivest-Shamir-Adleman, elliptic curve cryptography and Digital Signature Algorithm.
A public key can be given to any person with whom an individual wants to communicate, whereas a private key belongs to the individual it was created for and isn't shared. The public key is typically stored on a public key infrastructure server and is used to encrypt data securely before it is sent over the internet.
How does a public key work?
A cryptographic key is a mathematical algorithm implemented in software or hardware and used to encrypt or decrypt data. It is a string of bits that are combined with the data to create ciphertext. The cryptographic key can also be used to unencrypt data back to plaintext.
The two main types of cryptographic algorithms are symmetric and asymmetric. Symmetric key algorithms work by using a single key to encrypt and decrypt information, whereas asymmetric cryptography uses two keys: a public key to encrypt messages and a private key to decode them.
The process for sending and receiving data via asymmetric cryptography typically consists of five steps:
- Key generation. Each individual generates a public and private key.
- Key exchange. The sender and recipient exchange public keys.
- Encryption. The sender's data is encrypted using the recipient's public key.
- Sending encrypted data. The encrypted data is sent to the recipient.
- Decryption. The recipient decrypts the message using their own private key.
Public key applications
Some applications of public key technology include the following.
Encryption
This is the main use of a public key to encrypt messages prior to sending. With asymmetric encryption, both the public and private keys are generated randomly. Anyone can have access to a public key to encrypt data, but only an individual who has the matching private key can decrypt the data.
Since the public and private keys are mathematically connected, they are used together to encrypt and decrypt information. If anyone other than the owner of the private key tries to decrypt the information using the public key, the information will be unreadable.
Digital signatures
Public key encryption can also be used to create digital signatures. The digital signatures are generated via the following steps:
- The sender identifies the file to be digitally signed.
- The document application on the sender's computer calculates a unique hash value for the contents of that file.
- The sender's private key is used to encrypt the hash value, creating the digital signature.
- The original file and the digital signature are sent together to the recipient.
- The recipient uses the sender's public key to decrypt the digital signature's hash.
- The recipient's computer calculates the hash of the original file and compares it with the decrypted hash. If the two hashes match, the signature is verified. If the hashes don't match, that's evidence that the document has been altered or that the signature isn't valid.
Secure Socket Layer and Transport Layer Security connections
SSL/TLS use public key encryption to create a secure connection between the server and client. This encryption method enables the use of Hypertext Transfer Protocol Secure. The communication session is first established using asymmetric encryption to establish the identities of both parties and to exchange a shared session key that enables a symmetric cipher. Symmetric encryption, using a shared key, is faster and more efficient than asymmetric encryption so it makes sense to use it for as much of the communication as possible.
Public key risks
While public key encryption is more secure than symmetric encryption, there are a few risks to consider, including the following:
- Low-quality key. A poorly crafted asymmetric key algorithm -- one that's too short in length, for example -- is a security risk.
- Lost private key. If the private key is lost or misplaced, access to the data becomes problematic.
- Man-in-the-middle (MitM) attacks. Public key encryption can be a target for MitM attacks. The two main ways of trusting the identity of a website are the site's security certificate and its public key encryption. If either of these is compromised, a malicious party can insert itself into the connection between a user and a website and then capture any information sent between the two.
The origin of public key encryption
In 1976, Whitfield Diffie, Martin Hellman and Ralph Merkle published a paper titled "New Directions in Cryptography." In this paper, they introduced the idea of public key cryptography and described the first known functional distributed cryptographic protocol. Since then, the public key encryption algorithm has been used in finance, e-business and e-commerce to keep data secure by using two mathematically related keys.
Learn more about asymmetric and symmetric encryption, along with everything you need to know about data security in general in our latest guide.