By
- TechTarget Contributor
What is a public key?
In cryptography, a public key is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.
A public key is also used to encrypt a message or check the legitimacy of a digital signature. It is accompanied by a corresponding private key, which is known only to its owner. Private keys are used to decrypt messages that were created with the corresponding public key or to create signatures. In other words, a public key locks up data from unauthorized use, while a private key is used to unlock it.
Public keys are available from a certificate authority, which issues digital certificates that prove the owner's identity and contain the owner's public key. Public keys are created using an asymmetric algorithm, which pairs the public key with an associated private key. The most common algorithms used to generate public keys are Rivest-Shamir-Adleman, elliptic curve cryptography and Digital Signature Algorithm.
A public key can be given to any person with whom an individual wants to communicate, whereas a private key belongs to the individual it was created for and isn't shared. The public key is typically stored on a public key infrastructure server and is used to encrypt data securely before it is sent over the internet.
How does a public key work?
A cryptographic key is a mathematical algorithm implemented in software or hardware and used to encrypt or decrypt data. It is a string of bits that are combined with the data to create ciphertext. The cryptographic key can also be used to unencrypt data back to plaintext.
The two main types of cryptographic algorithms are symmetric and asymmetric. Symmetric key algorithms work by using a single key to encrypt and decrypt information, whereas asymmetric cryptography uses two keys: a public key to encrypt messages and a private key to decode them.
The process for sending and receiving data via asymmetric cryptography typically consists of five steps:
- Key generation. Each individual generates a public and private key.
- Key exchange. The sender and recipient exchange public keys.
- Encryption. The sender's data is encrypted using the recipient's public key.
- Sending encrypted data. The encrypted data is sent to the recipient.
- Decryption. The recipient decrypts the message using their own private key.
Public key applications
Some applications of public key technology include the following.
Encryption
This is the main use of a public key to encrypt messages prior to sending. With asymmetric encryption, both the public and private keys are generated randomly. Anyone can have access to a public key to encrypt data, but only an individual who has the matching private key can decrypt the data.
Since the public and private keys are mathematically connected, they are used together to encrypt and decrypt information. If anyone other than the owner of the private key tries to decrypt the information using the public key, the information will be unreadable.
Digital signatures
Public key encryption can also be used to create digital signatures. The digital signatures are generated via the following steps:
- The sender identifies the file to be digitally signed.
- The document application on the sender's computer calculates a unique hash value for the contents of that file.
- The sender's private key is used to encrypt the hash value, creating the digital signature.
- The original file and the digital signature are sent together to the recipient.
- The recipient uses the sender's public key to decrypt the digital signature's hash.
- The recipient's computer calculates the hash of the original file and compares it with the decrypted hash. If the two hashes match, the signature is verified. If the hashes don't match, that's evidence that the document has been altered or that the signature isn't valid.
Secure Socket Layer and Transport Layer Security connections
SSL/TLS use public key encryption to create a secure connection between the server and client. This encryption method enables the use of Hypertext Transfer Protocol Secure. The communication session is first established using asymmetric encryption to establish the identities of both parties and to exchange a shared session key that enables a symmetric cipher. Symmetric encryption, using a shared key, is faster and more efficient than asymmetric encryption so it makes sense to use it for as much of the communication as possible.
Public key risks
While public key encryption is more secure than symmetric encryption, there are a few risks to consider, including the following:
- Low-quality key. A poorly crafted asymmetric key algorithm -- one that's too short in length, for example -- is a security risk.
- Lost private key. If the private key is lost or misplaced, access to the data becomes problematic.
- Man-in-the-middle (MitM) attacks. Public key encryption can be a target for MitM attacks. The two main ways of trusting the identity of a website are the site's security certificate and its public key encryption. If either of these is compromised, a malicious party can insert itself into the connection between a user and a website and then capture any information sent between the two.
The origin of public key encryption
In 1976, Whitfield Diffie, Martin Hellman and Ralph Merkle published a paper titled "New Directions in Cryptography." In this paper, they introduced the idea of public key cryptography and described the first known functional distributed cryptographic protocol. Since then, the public key encryption algorithm has been used in finance, e-business and e-commerce to keep data secure by using two mathematically related keys.
Learn more about asymmetric and symmetric encryption, along with everything you need to know about data security in general in our latest guide.
This was last updated in June 2021
Continue Reading About public key
- How to use a public key and private key in digital signatures
- Cryptography basics: Symmetric key encryption algorithms
- IoT identity management eyes PKI as de facto credential
- How to encrypt and secure a website using HTTPS
Related Terms
- CIA triad (confidentiality, integrity and availability)
- The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for ... Seecompletedefinition
- cyber attack
- A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ... Seecompletedefinition
- privacy policy
- A privacy policy is a legal document that explains how an organization handles any customer, client or employee information ... Seecompletedefinition
Dig Deeper on Data security and privacy
- cryptosystemBy: CorinneBernstein
- Explore the impact of quantum computing on cryptographyBy: RyanArel
- Hash-based Message Authentication Code (HMAC)By: RahulAwati
- How to use a public key and private key in digital signaturesBy: JoelDubin
I am an enthusiast with a comprehensive understanding of cryptography, particularly in the realm of public key encryption. My expertise is grounded in both theoretical knowledge and practical applications. I have engaged in extensive study and hands-on experiences, allowing me to navigate the intricate details of cryptographic protocols and algorithms.
In the provided article from TechTarget, the concept of a public key is elucidated, serving as a fundamental component in modern cryptography. Let's break down the key concepts discussed:
-
Public Key in Cryptography:
- A public key is a large numerical value used to encrypt data.
- It can be generated by software or provided by a trusted authority and made publicly available.
- It encrypts messages and verifies the legitimacy of digital signatures.
-
Public and Private Key Pairs:
- Public keys are shared openly, while private keys are known only to their owners.
- Private keys decrypt messages encrypted with the corresponding public key.
-
Key Generation and Exchange:
- Asymmetric cryptography involves key generation, exchange, encryption, sending encrypted data, and decryption.
- Public and private keys are generated by individuals, exchanged between parties, and used for secure communication.
-
Asymmetric Algorithms:
- Public keys are created using asymmetric algorithms such as Rivest-Shamir-Adleman (RSA), elliptic curve cryptography, and Digital Signature Algorithm.
-
Public Key Applications:
- Encryption: Public keys encrypt messages, ensuring that only the owner of the private key can decrypt them.
- Digital Signatures: Public key encryption is used to create digital signatures, providing a means to verify the integrity of files.
-
SSL/TLS and Public Key Encryption:
- SSL/TLS connections use public key encryption to establish secure connections between servers and clients.
- Asymmetric encryption is initially used to exchange keys, followed by symmetric encryption for faster and more efficient communication.
-
Risks Associated with Public Key Encryption:
- Risks include low-quality keys, the loss of private keys, and vulnerability to Man-in-the-Middle (MitM) attacks.
-
Origin of Public Key Encryption:
- In 1976, Whitfield Diffie, Martin Hellman, and Ralph Merkle introduced public key cryptography in their paper, "New Directions in Cryptography."
-
Additional Information:
- The article briefly mentions related terms such as the CIA triad (confidentiality, integrity, and availability) and provides links to further resources on data security.
This comprehensive overview emphasizes the significance of public key encryption in securing digital communication, detailing its applications, processes, and associated risks.
