1 /** |
|
2 @page Security_intro_PKC Public Key Cryptography |
|
3 \n |
|
4 |
|
5 Public key (sometimes called @ref asymmetric) cryptography allows encrypted messages to be sent without the need to establish a |
|
6 shared secret key. It involves the use of two keys called a key pair: a private key and a public key. The private key is |
|
7 kept secret, and a public key is made publically available. |
|
8 |
|
9 All entities using such a system would typically possess a key pair. They will use these keys either for @ref encryption or |
|
10 @ref decryption. In any case, if one of the keys is used for @ref encryption, then only the other key can be used for @ref decryption. |
|
11 |
|
12 So, in public key cryptography, to send a message in an encrypted form to a receiver, the sender: |
|
13 @li Gets hold of the receiver's public key. |
|
14 @li Encrypts the message with the receiver's public key. |
|
15 @li Sends the encrypted message. |
|
16 |
|
17 The receiver then decrypts the message using its private key. Only the receiver, who has access to the corresponding |
|
18 private key, can decrypt it. |
|
19 |
|
20 That is the basic process used for a pure PKC system. In the real world, however, public key cryptography is typically |
|
21 used in conjunction with traditional symmetric key cryptography. This is done in order to reduce key management problems |
|
22 while at same time taking advantage of the superior speed of the latter. The method for doing this is called a digital |
|
23 envelope: a random symmetric private secret key is generated, the message is encrypted with this secret key using a |
|
24 symmetric algorithm, and then the secret key is encrypted with the receiver's public key using an @ref asymmetric algorithm. |
|
25 |
|
26 The other main use for public key cryptography is in signing (see: @ref Security_signatures). |
|
27 |
|
28 While public key cryptography ensures that only the entity with access to the corresponding key will be able to read the |
|
29 message or could have signed a given message, it gives no assurance that this entity is/are actually the entity they |
|
30 claim to be. This is where certificates come in. @ref Security_intro_certificates are needed to solve the problem of |
|
31 @ref authentication. |
|
32 |
|
33 |
|
34 |
|
35 */ |
|