Asymmetric cryptography or two-key cryptography is the cryptographic method that a pair uses of keys for sending messages. The two keys belong to the same person who will receive the message. One key is public and can be delivered to anyone, the other key is private and the owner must keep it so that no one has access to it. In addition, cryptographic methods guarantee that this key pair can only be generated once, so it can be assumed that it is not possible for two people to casually obtain the same key pair.
If a person sending a message to a recipient, then will use the later’s public key to encrypt it. Once encrypted, only the recipient’s private key can decrypt the message, since it is the only one that should know it. Therefore the confidentiality of sending the message is achieved, no one but the recipient can decipher it. Anyone, using the recipient’s public key, can encrypt messages; Those that will only be decrypted by the recipient using their private key.
If the owner of the key pair uses his private key to encrypt a message, anyone can decrypt it using the public key of the first. In this case the identification and authentication of the sender is achieved, since it is known that it could only have been he who used his private key (unless a third party has obtained it). This idea is the foundation of the electronic signature, where legally there is a presumption that the signer is effectively the owner of the private key.
The public key encryption systems or asymmetric encryption systems were invented in order to completely avoid the problem of key exchange of symmetric encryption systems. With the public keys it is not necessary for the sender and the recipient to agree on the key to be used. All that is required is that, before initiating the secret communication, each one must obtain the public key of the other and each take care of his private key. Moreover, those same public keys can be used by anyone who wishes to communicate with any of them provided that each public key is used correctly.
- Ana writes a message.
- Ana encrypts the message with David’s public key .
- Ana sends the encrypted message to David through the internet, either by email, instant messaging or any other means.
- David receives the encrypted message and decrypts it with his private key .
- David can now read the original message Ana sent him.
The two main branches of public key cryptography are:
- Public key encryption: a message encrypted with a recipient’s public key cannot be decrypted by anyone (including the one who encrypted it), except a holder of the corresponding private key, presumably its owner and the person associated with the public key used . Its function is to guarantee the confidentiality of the message.
- Digital signatures: A message signed with the sender’s private key can be verified by anyone who has access to the sender’s public key, which shows that this sender had access to the private key (and therefore, it is likely that be the person associated with the public key used). This ensures that the message has not been altered, since any manipulation of the message would affect a different result of the message digest algorithm (encoded message digest). It is used to guarantee the authenticity of the message.
An analogy with public key encryption is that of a mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is, in essence, the public key. Someone who knows the street address can go to the door and place a written message through the slot; however, only the person who owns the key (private key) can open the mailbox and read the message. An analogy for digital signatures is the sealing of an envelope with a personal seal. The message can be opened by anyone, but the presence of the seal authenticates the sender.