Digital Certificate Operation in a Complex Environment
PKI Primer and Project Background
8.2. A few notes about cryptography...
Cryptography is a collection of mathematical techniques for protecting information. Information is made unintelligible by the use of a key and is later made readable by the use of the same, or another, key. Up until the 1960s or 70s, cryptographers used only symmetric keys.
Symmetric encryption is like having a code-sheet where the letter 'a' becomes the letter 'c', 'b' becomes 'd' etc. etc. So you write your letter using the code-sheet and it is unintelligible (except that the code would have to be a bit more complex than this, to be useful!). When your correspondent wants to de-crypt the letter that you have sent to him, he needs to use the same code-sheet (let's call this a key). Therefore the same key is used to encrypt and de-crypt - hence symmetric encryption.
Symmetric encryption is less processor-intensive than asymmetric encryption but requires a key exchange at some stage. Keys have to remain secret and a different key may be required for every entity that communicates with you. Therefore, secure encryption using symmetric keys alone does not scale well. Symmetric keys are often exchanged under cover of asymmetric encryption to save on processor time/costs.
Asymmetric encryption was invented independently by academic cryptographers at Stanford University in the USA (in the 1970s) and by military cryptographers at Britain's GCHQ (probably in the 1960s). It is the basis of public key encryption, although a 'public' key is not strictly necessary. Information is encrypted by using one key of a pair and can only be decrypted using the other key.
This is like having a code-sheet (as in the previous example) that you can hand out without worrying about the bad guys seeing it. You could even pin it to the supermarket notice board. If anyone wants to send you a secret message, they can encrypt some information using your 'public' key, and no-one else can de-crypt it. No-one can de-crypt a message using the same (public) key. Only the private key can be used to de-crypt the message.
NOTE: Keys occur in pairs, usually with one private (i.e. kept secret). Something that is encrypted with a public key can only be decrypted with the private key. The reverse is also true: something encrypted using a private key can only be decrypted using the public key.
So, you've received a message from Alice who used your public key that was pinned up in public. (Actually, you don't have to keep the key in public - it just doesn't matter where you keep it!). When you receive Alice's unintelligible message, you de-crypt her message using your private key. Now that key is really private and should be kept top secret. Therefore, two keys have been used: one to encrypt and another to de-crypt.
But let's assume that Alice has sent you a message using your public key. She could also send you an encrypted message that included a symmetric key. That would then allow you and her to communicate (more easily - as it needs less processor time) using symmetric encryption!
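The exchange described above, where Alice sends a symmetric key under cover of your public key, can be written out as follows. This is an added example, not part of the original document; it uses Node.js's built-in crypto module, and the choice of RSA-OAEP and AES-256-GCM and all function names are assumptions made for the illustration.

```javascript
// Added example: Alice wraps a one-off symmetric key with the recipient's
// public key; only the matching private key can unwrap it.
const nodeCrypto = require('node:crypto');

// Assumed padding choice for the asymmetric step (RSA-OAEP with SHA-256).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Recipient: generate the pair once. publicKey may be handed out freely,
// privateKey never leaves the recipient.
function makeRecipientKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender (Alice): the bulk message is encrypted with a fast symmetric key,
// and only that small key goes through the slower asymmetric operation.
function sealForRecipient(publicKey, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32); // fresh AES-256 key
  const iv = nodeCrypto.randomBytes(12);         // fresh GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient: unwrap the symmetric key with the private key, then use it
// to decrypt (and authenticate) the message itself.
function openWithPrivateKey(privateKey, envelope) {
  const sessionKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// True only if this private key belongs to the pair the envelope was sealed for.
function canOpen(privateKey, envelope) {
  try { openWithPrivateKey(privateKey, envelope); return true; } catch { return false; }
}

// Constructed demonstration: the intended recipient can read the message,
// the holder of a different private key cannot.
function demo() {
  const you = makeRecipientKeys();
  const eavesdropper = makeRecipientKeys();
  const envelope = sealForRecipient(you.publicKey, 'constructed sample message');
  return {
    recovered: openWithPrivateKey(you.privateKey, envelope),
    eavesdropperCanOpen: canOpen(eavesdropper.privateKey, envelope),
  };
}
console.log(demo());
```
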