### What is public key encryption?

Public key encryption, or public key cryptography, is a method of encrypting data with two different keys and making one of the keys, the public key, available for anyone to use. The other key is known as the private key. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. Public key encryption is also known as asymmetric encryption. It is widely used, especially for TLS/SSL, which makes HTTPS possible.

### What is a cryptographic key?

In cryptography, a key is a piece of information used for scrambling data so that it appears random; often it’s a large number, or string of numbers and letters. When unencrypted data, also called plaintext, is put into an encryption algorithm using the key, the plaintext comes out the other side as random-looking data. However, anyone with the right key for decrypting the data can put it back into plaintext form.

For example, suppose we take a plaintext message, “hello,” and encrypt it with a key*; let’s say the key is “2jd8932kd8.” Encrypted with this key, our simple “hello” now reads “X5xJCSycg14=”, which seems like random garbage data. However, by decrypting it with that same key, we get “hello” back.

Plaintext + key = ciphertext:

hello + 2jd8932kd8 = X5xJCSycg14=

Ciphertext + key = plaintext:

X5xJCSycg14= + 2jd8932kd8 = hello

(This is an example of symmetric encryption, in which only one key is used.)

*Using Blowfish algorithm, CBC mode, Base64 encoding.

### How does public key encryption work?

Public key cryptography can seem complex for the uninitiated; fortunately, a writer named Panayotis Vryonis came up with an analogy that roughly goes as follows.

Imagine a trunk with a lock that two people, Bob and Alice, use to ship documents back and forth. A typical lock has only two states: locked and unlocked. Anyone with a copy of the key can unlock the trunk if it’s locked, and vice versa. When Bob locks the trunk and sends it to Alice, he knows that Alice can use her copy of the key to unlock the trunk. This is essentially how what’s known as symmetric cryptography works: one secret key is used for both encrypting and decrypting, and both sides of a conversation use the same key.

Now imagine, instead, that Bob makes a trunk with a special kind of lock. This lock has three states instead of two:

- A. Locked, key turned all the way to the left
- B. Unlocked, in the middle.
- C. Locked, key turned all the way to the right.

Instead of one key, two keys go with this lock:

- Key No. 1 can only turn to the left
- Key No. 2 can only turn to the right

This means that if the trunk is locked and the key is turned to position A, only key No. 2 can unlock it by turning right, to position B (unlocked). If the trunk is locked in position C, only key No. 1 can unlock it by turning the lock left, to position B.

In other words, either key can lock the trunk – but once it is locked, only the other key can unlock it.

Now let’s say Bob makes a few dozen copies of key No. 2, the key that only turns right, and shares them with everyone he knows and anyone who wants a copy, making it his public key. He keeps key No. 1 for himself – it’s his private key. What does this accomplish?

- **Alice can send Bob confidential data via the trunk and be confident that only Bob can unlock it.** Once Alice has locked the trunk with the public key, which turns from left to right, only a key that can turn right to left can unlock it. That means only Bob’s private key can unlock it.
- **Alice can be sure that the trunk is actually from Bob, and not an impersonator, if it’s locked with his private key.** There’s only one key that can lock the trunk so that the lock is in position A, or turned all the way to the left: Bob’s private key. True, anyone can unlock it with the public key by turning the key to the right, but it’s guaranteed that the trunk is from Bob.

Substitute plaintext data for the trunk and cryptographic keys for the physical keys from this analogy, and this is how public key cryptography works. Only the owner of the private key can encrypt data so that the public key decrypts it; meanwhile, anyone can encrypt data with the public key, but only the owner of the private key can decrypt it.

Therefore, anyone can send data securely to the private key owner. Also, anyone can verify that data they receive from the owner of the private key is actually from that source, and not from an impersonator.

**TYPES OF PUBLIC KEY ENCRYPTION**

- Diffie–Hellman key exchange protocol.
- DSS (Digital Signature Standard), which incorporates the Digital Signature Algorithm.
- ElGamal.
- Elliptic-curve cryptography. …
- Various password-authenticated key agreement techniques.
- Paillier cryptosystem.
- RSA encryption algorithm (PKCS#1)
- Cramer–Shoup cryptosystem.

**What are the 6 elements of public key encryption?**

- Plaintext. It is the data to be protected during transmission.
- Encryption Algorithm. …
- Ciphertext. …
- Decryption Algorithm. It is a mathematical process that produces a unique plaintext for any given ciphertext and decryption key. …
- Encryption Key. …
- Decryption Key

**What are the features of encryption**?

**Features**

- Multiple Recipients & Documents. Senders can attach multiple documents with the email and send them to multiple recipients by a simple click.
- Secure. …
- Easy-to-use. …
- Documents Support. …
- No Capturing of Personal Details. …
- Web based Decryption. …
- Email Client Independent. …
- No Security Keys Required

**HOW TO SET UP PUBLIC KEY ENCRYPTION IN AN ORGANIZATION**

### Step 1: Key generation

Each person (or their computer) must generate a pair of keys that identifies them: a **private key** and a **public key**. You can generate a pair using the same RSA algorithm that’s used by your computer. The keys are generated by multiplying together two incredibly large primes. The algorithm repeatedly generates random large numbers and checks if they’re prime, until it finally finds two random large primes. All that checking for primes can take a while, and these keys are only 512 bits long. The current nationally recommended key length is 2048, or even 3072 bits.

### Step 2: Key exchange

The sending and receiving computers exchange *public keys* with each other via a reliable channel, like TCP/IP. The private keys are *never* exchanged.

[Figure: key exchange between a laptop and a server. The server sends “SERVER_PUBLIC_KEY” to the laptop, and the laptop sends “CLIENT_PUBLIC_KEY” to the server.]

### Step 3: Encryption

The sending computer encrypts the secret data using the receiving computer’s *public* key and a mathematical operation. The power of public key encryption is in that mathematical operation. It’s a “one-way function”, which means it’s incredibly difficult for a computer to reverse the operation and discover the original data. Even the public key cannot be used to decrypt the data.

### Step 4: Sending encrypted data

The sender can now safely transmit the encrypted data over the Internet without worry of onlookers.

[Figure: a string of encrypted text travels from the server to the laptop while an attacker looks unhappily at it.]

### Step 5: Decryption

Now the receiver can decrypt the message, using their *private key*. That’s the only key that can be used to decrypt the message (in the world!). Trying to decrypt the message with the *public* key won’t work; only the private key can decrypt it.

### But how is that possible?

It may sound too good to be true that it’s possible to encrypt something with one key that can then only be decrypted by a different key. For a long time, mathematicians weren’t sure if it was possible, but fortunately they discovered a way in the 1970s. The math of the one-way function relies on prime numbers, the difficulty of factoring the product of large primes, and modular arithmetic. Fortunately, all of us can use and benefit from public key cryptography without needing to understand the complicated math behind it. In fact, we likely use public key cryptography every day as we use computers and the Internet. Just imagine, what would the world be without it?

**Advantages Of Public Key Encryption**

- Security is easy as only the private key must be kept secret.
- Maintenance of the keys is easy because the keys (public key/private key) remain constant throughout the communication, depending on the connection.

## Performance Disadvantages of Public Key Encryption

Public key encryption works very well and is extremely secure, but it’s based on complicated mathematics. Because of this, computers in the past had to work very hard to both encrypt and decrypt data using the system. In applications where you needed to work with large quantities of encrypted data on a regular basis, the computational overhead meant that public key systems could be very slow.

Thankfully, this isn’t as much of a problem today as systems run much faster. However, TechBeacon warns that good encryption practices have to be used so that you don’t experience many speed disadvantages of encryption with a public key. This includes using as few network connections as possible and sticking with close servers when you can.

## Potential Certification Problems

Many public key systems use a third party to certify the reliability of public keys. For instance, if you were to encrypt sensitive corporate data to send to your attorney’s computer, you’d want to be sure that the computer you were sending it to was really tied to his law firm. The third party, called a certification authority, digitally signs their public key, turning it into a digital certificate, so that you can be sure it’s safe to use.

However, if the certification authority gets compromised, the criminal that did it could issue false certificates and fool people into sending data to the wrong place. This has already happened.

## Potential for Direct Compromise

There are two ways to crack data encrypted with a public key system. The first is to find a hole in the underlying mathematics that can be used to break the cipher. As of the date of publication, no such hole is publicly known.

The other way to crack the encryption is to guess the correct key. Khan Academy explains that public key encryption works on the basis of having an extremely large number that is derived from multiplying a large number hidden in the public key with a large number hidden in the private key. So, if you could factor that extremely large number, you could break the encryption.

As computers become more powerful and as quantum computing, which uses light to create even faster speeds than traditional supercomputers, becomes a reality, brute force attacks on public key encrypted data become practical.
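Why key length matters, as an added Python example (not from the original page): with a constructed 47-bit toy modulus, factoring takes a few thousand divisions and the private exponent follows directly, while the same search against a 2048-bit modulus is out of reach. The key, the function names and the trial-division method are assumptions chosen for illustration.

```python
# Constructed toy key: n is the product of two well-known small primes.
P, Q = 65537, 2147483647          # 2**16 + 1 and 2**31 - 1
TOY_PUBLIC_KEY = (P * Q, 17)      # (n, e): everything an outsider is given

def factor(n):
    """Trial division by odd numbers; returns (p, q, divisions_tried)."""
    tried, f = 0, 3
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 2
    raise ValueError("n has no odd factor below its square root")

def private_exponent_from_public(public_key):
    """Factor n, rebuild phi, invert e: the private exponent falls out."""
    n, e = public_key
    p, q, _ = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

def worst_case_divisions(modulus_bits):
    """Number of odd candidates below sqrt(n) for a modulus of this size."""
    return 2 ** (modulus_bits // 2 - 1)
```

For the toy key the search ends after 32,768 divisions; `worst_case_divisions(2048)` is 2**1023, which is why the recommended key sizes are so much larger than the 512-bit demonstration keys.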

## False Sense of Security

No matter how safe your public key cryptography system is, it only protects what it’s designed to protect. For instance, when your customers send you their credit card data over the Internet, that transfer is protected by a mixture of public and private key encryption and is extremely safe. However, once you receive that credit card data, if you leave a computer with access to your server out in the open, someone could sit down at the keyboard, download all of the securely transferred data and steal it. Public key encryption won’t protect against that and, as such, it’s only a part of an overall security system.
