Originally Published on DZone
In this first article of a series, I'm going to start by explaining a little about Public Key encryption, which is one of the fundamental building blocks of SSL.
Public Key Encryption
There are two types of encryption: symmetric and asymmetric.
What does this mean?
With Symmetric encryption, the same key is used for both the encryption and the decryption which means that the key would have to be shared between the sender and the receiver over some secure channel before being used to encrypt communications.
With Asymmetric encryption, by contrast, there are two keys, a public key and a private key: the public key is used for encryption and the private key for decryption. Because only the holder of the private key can decrypt a message, the public key does not need to be exchanged over a secure channel. This means you can share your public key with anyone; they can encrypt messages and send them to you, and only you can decrypt them.
How does it work?
It's similar to the concept of a night safe at the bank. You can open the chute and deposit your money, and only the banker has the private key to retrieve your deposit and then credit your account.
As seen here in the diagram below:
- You can open the chute and deposit your cash.
- Other people can open the chute but cannot reach your cash.
- The banker can open the door and retrieve your cash.
You have the public key and your banker has the private key.
This is how it would work when exchanging encrypted messages:
In the diagram, the sender encrypts the plain text with the public key, creating an encrypted message. The encrypted message is then sent down the wire to the receiver, who decrypts it with his private key and retrieves the plain text.
So the benefit of Public Key Encryption is that you can give out your public key to someone wishing to send you information securely without it having to be sent over a secure channel, and rest assured that nobody else can read your private data.
NOTE: Keep your private key safe, though.
This is one of the fundamental building blocks behind SSL whereby the secure channel is created. I will cover in more detail the part it plays in the next article in the series but for now here is a brief description:
When you connect via the browser to a site using HTTPS, the server passes your browser its public key and information about the cryptographic algorithms that it supports.
With this information your browser creates a symmetric key, encrypts it with the server's public key and sends it to the server, specifying the algorithm to be used with this new key. Now both parties have a shared symmetric key with which they can both encrypt and decrypt communication between the client and the server.
A secure channel has now been created allowing messages / resources to flow back and forth.
The next article in the series will explain more about this, and also how SSL protects users by verifying that they are in fact connecting to the server they requested.