| Former and current denizens of the
schoolyard are no doubt familiar with the use of secret keys to encrypt
messages: in order to put one over on your teachers or classmates, you and
your friends devise a simple substitution code which you can then use to
create and decipher messages. The process is simple: |
|
- You exchange the key with your friend.
- Create your message.
- Encrypt the message using the key.
- Send the encrypted message to your friend.
- Your friend decrypts the message using the same key.
|
| This type of encryption, where the
sender and the recipient use the same code to encrypt and decrypt the
message, is an example of symmetric encryption. By using highly
complex encryption keys rather than simple substitution, it can prove
quite effective in protecting your secrets. |
|
|
Sending secure private messages with symmetric
encryption |
|
|
|
|
| There are a couple of glaring
problems with symmetric encryption. Firstly, it requires a separate key
for each pair of users (or group of users), which is okay in the
schoolyard, but becomes quite a management problem when you scale it
globally. Secondly, there’s no easy way to share the key securely in the
first place. In the schoolyard, you can just hand it to one another,
making sure no-one else sees it. On the Internet, especially when you want
to share messages with many people, physically handing the key over is not
feasible. Nor can you do it by e-mail or phone, because both are
themselves insecure means of delivery. So you’re in a catch-22. |
| One solution is in asymmetric
encryption, also known as public key encryption. In this form
of encryption, each person has a pair of keys. One key is a public key,
which can be made freely available, even advertised in a directory for all
to see. The other key, which you guard carefully, is a private key. A
message encoded with a particular public key can only be decoded using the
corresponding private key, and vice versa. |
| To send a message to someone using
public key encryption: |
|
- Acquire the recipient’s public key.
- Create your message.
- Encrypt it with the recipient’s public key. Once it’s encoded,
it can only be decoded with the recipient’s private key. It doesn’t
matter if someone intercepts the message, as they won’t have the
private key needed to decode it.
- Send the encrypted message to the recipient.
- The recipient decodes the message using their private key.
|
|
|
Sending secure messages with
public key encryption |
|
|
|
|
| Not only can you use public key
encryption to send private messages, you can also use it let the recipient
know the message really is from you, and not from some imposter. Here’s
how: |
|
- Create your message.
- Encrypt it using your private key.
- Send the encrypted message to the recipient.
- The recipient looks up your public key and uses this to
decode the message. If the message decodes correctly using your public
key, they can be sure that the message was created using your private
key, and thus that it originates from you.
|
|
|
Verifying the sender’s
identity with public key encryption |
|
|
|
|
| You’ll see that there’s a problem
here. Anyone with access to your public key can read the contents of this
message. If you want to keep the message contents private and let
the recipient verify that the message is indeed from you, you need to use
a combination of these two methods, essentially using the first method of
encryption on the message contents, and sending a digital signature
along with the message which is encrypted using the second method. This is
how many e-mail programs which support encryption work. |
|
© 1997 Australian PC
User and Rose Vines |