Private information can be transmitted across
public networks such as the Internet providing it
is sent in a form which makes it unintelligible
to anyone other than intended recipients. This is
most commonly achieved over the public Internet
by means of encryption. The recipient will
typically have a key to decrypt the information
received. The RSA
FAQ list is a good introduction to the
subject and the terminology. For example, you
will learn that the well-known DES encryption
system is an example of private key (or symmetric
key) cryptography. The Kerberos system developed
at MIT uses secret keys storing them in a central
database. Symmetric key cryptography requires a
sender to communicate to a receiver the private
key - this may be a disadvantage in situations
with widely distributed or rapidly changing
communicants.
Public key cryptography such as the RSA public
key cryptography system is becoming more widely
discussed for commercial applications. Systems
which use cryptography in this way are commonly
known as PKI (Public Key Infrastructure). PKI
enables groups who have had no previous contact,
such as Internet site visitors, to exchange
information securely. A major advantage of PKI is
that it does not rely on central control over the
private keys - protecting these becomes the
responsibility of each holder.
PKI allows one to use the recipient's public
key to encrypt data. Providing the recipient has
not divulged his private key, only the recipient
can then decrypt it, as the sender's private key
is also used in the encryption algorithm.
Furthermore, when a sender encrypts data using
his own private key, anyone can decrypt it using
the public key, so preventing a sender who has
not divulged his private key from denying he sent
it (known as non-repudiation). This principle can
be used in creating digital signatures.
A disadvantage of public key encryption is
that considerably greater computer resources are
usually required than for secret key encryption.
Commercial systems often use a hybrid of public
and secret key encryption, using a secret key to
encrypt/decrypt the message itself in combination
with public key encryption to transmit the secret
key securely. This is known as a digital
envelope.
|