Securing your apps with Public Key Cryptography & Digital Signature

Mohit Arora, Freescale Semiconductor
11/22/2011 2:11 PM EST

Public Key Cryptography offers ultimate security being based asymmetric keys; however it does have a specific purpose and is often not a replacement of symmetric crypto algorithms like AES. This article provides some basic information about the security mechanisms behind Public Key Cryptography with practical details on how it is used by some of the popular tools like PGP, SSL as well as Digital Signature.

Public keys and private keys
One of the main problems with symmetric key cryptography is using the same private key for both encryption and decryption. Two parties sending messages to each other must agree to use the same private key before they start transmitting secure information. Since the two parties may be in different parts of the world, private key must be passed through the network.

An interceptor, that manages to get hold of private key somehow, can easily decrypt the encrypted messages. Security of the Private key is the biggest problem with symmetric key cryptography. There need to be a secure way to communicate the private key between the sender and receiver – if there were a secure way to do this, then the cryptography would not have been necessary in the first place in order to create that secure channel.

Public Key Cryptography solves this problem. The primary feature of public-key cryptography is that it removes the need to use the same key for encryption and decryption. With public-key cryptography, keys come in pairs of matched “public” and “private” keys.

The public portion of the key pair can be distributed in a public manner without compromising the private portion, which must be kept secret by its owner.

An operation (for example, encryption) done with the public key can only be undone with the corresponding private key.

Click here to read more ...