Asymmetric cryptography uses one key to encrypt a message and another key to decrypt the encrypted message. One of the two keys is called a public key. Another is called a private key. As implied by their names, a public key is usually broadcast as general information, while a private key is kept confidential. A private key has no relation to a public key. There is no way (or with little possibility) of inferring a private key from the knowledge of public key.
A -->|Message|-->B
Suppose we would like to protect a message from A to B from being eavesdropped (e.g., in a website with https:://).
The process proceeds as follows:
1. B broadcasts its public key.
2. A recognizes the public key of B.
3. A encrypts the message using the pubic key of B, and sends the encrypted message to B.
4. B decrypts the encrypted message using its private key.
Since there is no way of inferring the private key from the public key, no one benefits from knowing B's public key and the messaged remains gibberish to everybody who does not know the private key of B.
Clearly, the public key is a powerful concept which allows end-to-end encryption without having to share the key apriori.
No comments:
Post a Comment