Private key

From Clinfowiki

A private key is one cryptographic key of a mathematically related pair of keys (the other is termed “public”). The pair is used to encrypt and decrypt data in a process known as “public key encryption”. Each key usually takes the form of a very long sequence of numbers and is typically generated by a computer program implementing a public key encryption algorithm [1].

To get an idea of how a private key is used, and of its relationship to the paired public key, it helps to first explain the difference between symmetric and asymmetric encryption.

Symmetric Encryption

If someone wants to encrypt a secret message so that only a person chosen by the sender can read it, the sender could encrypt it with a self-chosen secret “password”, known as a “key”, using a computer program. The message could later be decrypted by the recipient (to whom the sender has given the key) using a compatible computer program. So, if you don’t have the secret key (the password), then you can’t read the secret message (in theory, anyway… this type of encryption can be easy to crack without using the key). This process is an example of symmetric encryption: the algorithm that uses the secret key to encrypt the message is simply reversed at the other end to decrypt it, using the same key. This key must be kept secret by both the sender and the receiver in order to keep the message secret.

Asymmetric Encryption

A stronger method of encrypting a message, one that is much more difficult to crack, is public key encryption, which uses “asymmetric” encryption to keep secrets. With this method, a pair of mathematically related keys is first created using a fairly complex process involving prime numbers. One key is used to encrypt a message, and the other key of the pair is used to decrypt it.

The process of using public key encryption could unfold something like this:

Alice wants people to be able to send her encrypted messages. She uses an encryption/decryption program on her computer to first generate a pair of keys: one private and one public. As described above, these two keys are a mathematically related pair of very long, random-appearing numbers. Alice stores the private key on her computer; this key is “secret” and should be known only to Alice. She then sends the public key to the people from whom she wishes to receive encrypted messages. She can even post this public key on her web site for all to see, without worrying about compromising her secrets. She can do this because her public key can only be used to do one thing: encrypt a message that only her private key can decrypt. So once someone has Alice’s public key, they can use it with a program similar to hers to encrypt a message, and when this encrypted message is sent to Alice, she decrypts it with her software, using her private key, the “secret” key that was created as a pair with the public key.
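The exchange above, as an added worked example that is not part of the original article: a toy key pair built from two small primes (textbook RSA, the “process involving prime numbers” the article mentions), with the message encrypted under the public key and recovered only with the private key. The primes, exponents and message are constructed for readability and the scheme is illustrative only; real key pairs use primes hundreds of digits long plus a padding scheme.

```python
"""Toy private/public key pair (textbook RSA with tiny primes).

Illustrates only the mathematical relationship between the two keys:
what one key encrypts, only the other key decrypts.
"""
from math import gcd


def generate_keypair(p, q, e=65537):
    """Return (public_key, private_key) as ((n, e), (n, d)).

    p and q are the secret primes.  n = p*q appears in both keys; the
    public exponent e is published, the private exponent d is its modular
    inverse modulo (p-1)(q-1) and is what must stay secret.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Anyone holding the public key can do this step."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(message, e, n)


def decrypt(private_key, ciphertext):
    """Only the holder of the private key can do this step."""
    n, d = private_key
    return pow(ciphertext, d, n)


def demo():
    """Alice generates a pair; Bob encrypts with her public key; she decrypts."""
    public, private = generate_keypair(61, 53)  # constructed primes, n = 3233
    message = 1234                               # constructed sample message
    ciphertext = encrypt(public, message)        # Bob's step
    recovered = decrypt(private, ciphertext)     # Alice's step
    # Applying the public key again does NOT undo the encryption:
    public_only_attempt = pow(ciphertext, public[1], public[0])
    return ciphertext, recovered, public_only_attempt


if __name__ == "__main__":
    print(demo())
```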

Finally

One conceptual difference between these two types of encryption that can be confusing involves the differing “workflow”, for lack of a better term, of single key (symmetric) versus public key (asymmetric) encryption. With single key encryption, many people think of a person first encrypting a message with a key (or password), then telling the recipient the key so that the recipient may later decrypt the message with it. This differs from the paradigm of the private/public key pairs used in public key encryption. There, the recipient, not the sender, typically initiates the encryption workflow by first generating, then distributing, the public key to anyone wishing to send back an encrypted message. This mindset may be spoken aloud as “I’m allowing other people to send me encrypted messages”, as opposed to the mindset of single key encryption, where one might say “I’m going to encrypt a message, then send it to you.”

References

  1. Primer on Public Key Encryption: http://www.mycrypto.net/encryption/encryption_public.html