For encryption and decryption to work, devices need keys. The sender needs a key to lock (encrypt) the message, and the receiver needs a key to unlock (decrypt) the message.
Two secure ways to ensure that the receiving device has the correct key are the use of shared secrets and the Public Key Infrastructure (PKI).
With shared secrets, both sides know the same key. The encryption key is either identical to the decryption key or can be turned into it by a simple transformation. The keys represent a shared secret between two or more parties that can be used to maintain a private information link. The key is carried out-of-band to the remote side; for example, one user might telephone the other to tell him or her what the key is. Although this is the easiest mechanism, it has some inherent security concerns. Because the keys are potentially subject to discovery, they need to be changed often and kept secure both during distribution and while in service. Reliably selecting, distributing, and maintaining shared keys without error or discovery can be difficult.
PKI uses asymmetric keys, in which the encryption key is different from the decryption key. Most PKI systems rely on certificates to establish a party's identity and its public key; certificates are issued by a centralized certificate authority (CA), a system whose legitimacy the parties trust. Each key pair consists of a public key and a private key that are related but not identical.
Data encrypted with a public key can be decrypted only with the corresponding private key, and data that is encrypted with a private key can be decrypted only with the corresponding public key.
In PKI, data encrypted with the public key cannot be decrypted with the public key.
Parties that need to encrypt their communications exchange their public keys (contained in certificates) but never disclose their private keys. The sending party uses the receiving party's public key to encrypt the message data and forwards the ciphertext (the encrypted data) to the receiving party. The receiving party then decrypts the ciphertext with its private key. PKI encryption is widely used on e-commerce sites.
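The two mechanisms side by side, as an added example that is not part of the original article: AES-GCM under one constructed 32-byte key stands in for the shared-secret case, and RSA-OAEP for the PKI exchange just described. The key pairs are generated in place rather than taken from CA-issued certificates, and the names alice and mallory, the message and the shared key are all constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// sharedSecretRoundTrip: both sides hold the same 32-byte key; AES-GCM gives confidentiality and integrity.
func sharedSecretRoundTrip(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand; a nonce must never repeat under one key
	ciphertext := gcm.Seal(nil, nonce, msg, nil) // sender side
	return gcm.Open(nil, nonce, ciphertext, nil) // receiver side, same key
}

// pkiRoundTrip models the PKI case: the sender encrypts with the receiver's public
// key (RSA-OAEP); only the private half of that same pair, passed as decryptor, can decrypt.
func pkiRoundTrip(receiver *rsa.PublicKey, decryptor *rsa.PrivateKey, msg []byte) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, msg, nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, decryptor, ct, nil)
}

// demo runs both models on a constructed message and reports whether the shared-secret
// round trip, the PKI round trip, and rejection of a wrong private key behaved as expected.
func demo() (sharedOK, pkiOK, wrongKeyRejected bool) {
	msg := []byte("order #1234: ship to warehouse B") // constructed message
	key := []byte("0123456789abcdef0123456789abcdef") // constructed; carried out-of-band in practice
	pt, err := sharedSecretRoundTrip(key, msg)
	sharedOK = err == nil && string(pt) == string(msg)
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for a CA-issued key pair
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)
	pt, err = pkiRoundTrip(&alice.PublicKey, alice, msg)
	pkiOK = err == nil && string(pt) == string(msg)
	_, err = pkiRoundTrip(&alice.PublicKey, mallory, msg)
	wrongKeyRejected = err != nil // a foreign private key cannot undo the encryption
	return
}

func main() { a, b, c := demo(); println(a, b, c) } // prints: true true true
```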