

But if you’re using two separate keys — one to encrypt data and the other to decrypt it — then you’re using asymmetric encryption (public key encryption). The keys are known as the public key (encryption key) and the private key (decryption key).


As we pointed out earlier, there are two separate keys involved in public key cryptography. Imagine a vault that has two separate keys. One can lock the vault, but the same key can’t open it. This means you’d need a different key to unlock the vault. In public key cryptography, it’s much the same way: there are two keys — one that can encrypt the data and the other that can decrypt it. These keys are separate yet mathematically related to each other. That’s because they’re generated using an asymmetric algorithm that binds the public key to the private one.

To learn more about the differences between them, be sure to check out this article on the differences between asymmetric vs symmetric encryption.

What Is a Public Key and How Does It Work?

Within public key infrastructure, the public key encrypts the data. It’s known as the public key because it can be openly distributed, and anyone can use it for encryption. As soon as the data is encrypted using a public key, you can neither interpret nor guess the original content of the data from the ciphertext nor use the same key (i.e., the public key) to unlock it.

Your public key is generated using complex asymmetric encryption algorithms. The length of the public key depends upon the algorithm it is made with. In general, the key size varies from 128 bits to 4096 bits. The Certificate Authority/Browser Forum (CA/B Forum) provides guidance for the ideal minimum public key size. For example, based on the CA/B Forum’s current guidelines, all CAs shall confirm that:

The RSA public key is at least 2048 bits, or
That one of the following ECDSA curves is used: NIST P-256, NIST P-384, or NIST P-521.

An RSA public key looks like this:

Private key vs public key graphic: This screenshot of’s RSA 2048-bit public key is an example of what a public key looks like.

The mathematical algorithms used to create the public key (and private key) are:

ElGamal
Digital signature algorithm (DSA)

So, what is the difference between an RSA public key and an ECC one? The key sizes, for one. RSA keys are significantly larger than ECC keys, yet ECC keys are just as strong. Second, the keys are calculated in different ways. An RSA public key is the result of two massive prime numbers and a smaller number, whereas an ECC public key is an equation that calculates a specific point on an elliptic curve.

What Is a Private Key and How Does It Work?

This key can decrypt ciphered data (i.e., encrypted data). Each public key has a corresponding private key. All the pairs of public and private keys are unique. The private key must be kept secret with the owner (i.e., stored safely on the authorized device or non-public-facing server). For SSL/TLS certificates, you generate your private key as part of the key pair that gets created with your certificate signing request (CSR). This means that even the certificate’s issuing CA doesn’t get to see or have access to your public key.

Because your key is secret, it means that you need to keep it safe and know where it is at all times. If your private key becomes lost, then you’ve got your work cut out for you and will need to re-issue your certificate.

As you can imagine, it’s almost impossible to guess a private key from its corresponding public key because it’s generated with strong entropy (randomness). As such, it would take even a modern supercomputer thousands of years to crack a private key via a brute force attack. Thus, no one can decrypt the data except the authorized device where the private key is stored.

A private key looks like this:

An RSA private key example in public key cryptography.

A Quick Overview of the Differences: Public Key vs Private Key

Looking for a quick visual to help you see the differences between a public key and private key? Then look no further:

| Public Key | Private Key |
| --- | --- |
| Can be openly distributed | Must be kept a secret |
| Used for encryption | Can be used for decryption in asymmetric encryption, or encryption AND decryption in symmetric encryption |
| Authenticates digital signature signed with the corresponding private key (when used in certificate pinning) | Inserts the digital signature (encrypting the hash) |
| Stored inside the digital certificates, outgoing emails, and executables | Stored in authorized devices and non-public-facing servers |

Public Key vs Private Key: Their Roles in Data Privacy and Security

When you want to protect data while it’s in transit or at rest, public key cryptography comes in handy. One endpoint encrypts the data using the recipient’s public key and sends it. The recipient decrypts it by using the corresponding private key. If anyone else in the middle intercepts the data, they can’t unlock, read, or otherwise interpret it without the private key.

Hence, asymmetric encryption protects the plaintext data from being exposed due to:

Man-in-the-middle attacks,
Data leaks, and
Data theft.

Just to quickly clarify — asymmetric encryption doesn’t stop these types of attacks and data leaks or theft from taking place. But what it does do is stop anyone from being able to read and access the unencrypted/plaintext data. Without the corresponding private key to decrypt the data, all the bad guys will see is gibberish.

A classic example of how to think of a public key and private key is to consider your email address and password. Your email address, in this case, represents a public key, which is available to the general public, and anyone who has access to it can send you an email. But only the password holder (i.e., you) can open and read the email the account contains. Here, the password serves as a type of private key.

All public key and private key pairs are unique. If you’re signing up for a new user ID on a website or application, the system notifies you if your selected user ID is already in use. You must have a unique pair of a user ID (which can be an email, phone number, ID card number, etc.) and password.

SSL/TLS Certificate

In the same way, the SSL/TLS certificate protects the data transfer between a browser and the website’s server using public key cryptography. The website owner installs an SSL certificate on their website and relies on the unique set of public and private keys for that certificate. There are millions of sites using SSL/TLS certificates. But none of them have the same key pairs.


When a website visitor tries to open a website, their web browser engages in a process with the website’s server that’s known as a TLS handshake. As part of this process, the browser (client) generates a random pre-master secret, encrypts it using the server’s public key, and sends it to the server. The server decrypts the pre-master secret using the corresponding private key and uses it to compute a symmetric session key.

All the data transferred between a user and a website for the rest of the session is encrypted using the session key — meaning that it’s transmitted via symmetric encryption. No intruder can access the session key without a private key. It’s this initial use of public key cryptography that makes it possible to exchange session keys to engage in symmetric encryption for the rest of the session. This process protects data transmissions between a website and its visitors.

Public key cryptography is also used in the following digital certificates to protect the data:

Public Key vs Private Key in Identity Verification

Another usage of a public key and the private key is identity verification and digital signatures.

In digital signatures, the sender inserts a digital signature using a private key. The recipient verifies the authenticity of the signature with the sender’s public key. No one can modify, copy, or delete the digital signature except the private key holder (i.e., the authorized sender). Digital signatures, with other measures, give assurance about the sender’s identity and the integrity of the data.
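The two uses of a key pair described above (a client encrypting a pre-master secret to the server’s public key, and a sender signing with the private key), as an added example that is not part of the original article. It is unpadded textbook RSA over a constructed demo key built from two public Mersenne primes, with a simplified HMAC-based key derivation; all function names are illustrative, and TLS 1.3 no longer uses this RSA key exchange.

```python
import hashlib
import hmac
import secrets

# Constructed demo key pair: two well-known Mersenne primes keep the block
# deterministic. A real key uses secret random primes and padding (OAEP/PSS).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: safe to publish
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves its owner

def public_op(x: int) -> int:
    """Encrypt or verify: anyone holding (N, E) can do this."""
    return pow(x, E, N)

def private_op(x: int) -> int:
    """Decrypt or sign: requires the private exponent D."""
    return pow(x, D, N)

def derive_session_key(pre_master: bytes, nonces: bytes) -> bytes:
    # Simplified stand-in (assumption) for the TLS key-derivation function.
    return hmac.new(pre_master, b"session key" + nonces, hashlib.sha256).digest()

def key_exchange():
    nonces = secrets.token_bytes(64)         # client + server randoms, sent in clear
    pre_master = secrets.token_bytes(48)     # client side, never sent in clear
    wire = public_op(int.from_bytes(pre_master, "big"))   # what an observer sees
    client_key = derive_session_key(pre_master, nonces)
    recovered = private_op(wire).to_bytes(48, "big")      # server side
    server_key = derive_session_key(recovered, nonces)
    return pre_master, wire, client_key, server_key

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    return private_op(digest_int(message))

def verify(message: bytes, signature: int) -> bool:
    return public_op(signature) == digest_int(message)

if __name__ == "__main__":
    _, _, client_key, server_key = key_exchange()
    print("session keys match:", client_key == server_key)
    sig = sign(b"release-1.0.bin")
    print("genuine verifies:", verify(b"release-1.0.bin", sig))
    print("tampered verifies:", verify(b"release-1.0.bin (modified)", sig))
```

Applying the public key a second time to the value on the wire does not recover the pre-master secret, which is why an observer holding only the public key cannot derive the session key.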

E-Mail Signing Certificates

When you install an S/MIME certificate on your email client, it generates a unique pair of public and private keys. It stores the private key on your server and sends the public key with all outgoing emails. You can digitally sign your emails using a private key stored on your device. The recipients receive the email along with the public key, which they use to verify the signature. It gives the recipients assurance about the email sender’s identity.

A digitally signed email looks like this:


Code Signing Certificates

These certificates are used by software publishers to sign executable software, scripts, drivers, and applications. After completing a piece of software, the developer digitally signs it using their private key. Whenever the users try to download the software, their devices receive the software’s public key to verify the signature.

At the time of downloading, a security window pops up. If the digital signature is valid, the dialogue box shows the publisher’s name in it. If there is no digital certificate, the publisher’s name will be shown as “unknown.” A code signing certificate gives assurance to the users that the software is coming from a verified publisher.

A side-by-side comparison of what it looks like to end users who download your software when you do or don’t use a code signing certificate.

As you can see in the screenshot above, the security dialogue box is showing “Microsoft Corporation” in the verified publisher’s field. It is Microsoft’s digital signature that no one can modify, change, replicate, or remove. A third-party certificate authority conducts a rigorous verification process before granting a code signing certificate to a publisher.

Public Key vs Private Key in Two-Way Authentication

The public key and private key are also useful for two-way authentication, or what’s known as client authentication. Organizations don’t want any outsiders to access their intranet websites, development and testing sites, and some resources made strictly for internal usage. In the same way, some sensitive internal emails shouldn’t be opened by outsiders. In this situation, the private key and public key help to develop two-way authentication.

Some certificates (like “two-way SSL/TLS certs,” or what are known as personal authentication certificates or client authentication certificates) can be installed on employees’ office devices to enable two-way authentication where the server can verify the client. (With traditional SSL/TLS certificates, for example, it’s typically one-way authentication in that the client authenticates the server, not vice versa.)

Example: Suppose Alice and Bob are working for an organization with installed email signing certificates on their email clients. When Alice sends an email to Bob, she uses Bob’s public key and her private key to encrypt and sign the email. When Bob receives the email, he decrypts it using his private key and Alice’s public key. No one else can open and read the email content because they don’t have the private key.

Personal Authentication Certificate: In the same way, personal authentication certificates (client certificates) are installed on the employees’ company devices (desktop, laptop, and even smartphones). Both the client and server have a set of a public key and private key. When employees try to open the website, the traditional TLS handshake process takes place first, where the server presents its SSL/TLS certificate, and the client authenticates it. After that, the client also provides its certificate for the server to authenticate.

Let’s understand this process a bit better with another example:

John is a remote software developer working for XYZ corporation. The company has developed an intranet website, which only employees can access. XYZ has provided a laptop to John for office work in which a client certificate is installed. Whenever John tries to open, his browser checks the website’s SSL/TLS certificate as part of the TLS handshake process.

As part of the handshake, John’s device needs to present its certificate, which the website’s server authenticates. Only once this process is complete can John access the intranet site. In this way, John can’t access from any device other than his office laptop.

Wrapping Up on Public Key vs Private Key

Encryption has two types: symmetric and asymmetric. In symmetric encryption, there is only one key needed for encryption and decryption. That key must be kept secret by all endpoints and users. Key distribution and key management are challenges, and chances of compromise of the key increase when a large number of endpoints are involved.

Asymmetric encryption (public key cryptography), on the other hand, is more secure when using large keys with strong entropy. That’s because two keys are involved (i.e., the public key and private key). The major difference between them is that the public key encrypts data whereas the private key decrypts it. Also, you can distribute public keys freely to many endpoints without worrying about security compromise. But the private key is a precious treasure that must be protected at any cost.

We hope this article has helped you to understand public key vs private key and their usage in public key cryptography.
