What is Public key cryptography in information security?

Public key cryptography is an encryption method that needs a paired public and private key (or asymmetric key) algorithm for secure data communication. Public-key cryptography is also called an asymmetric cryptography. It is a form of cryptography in which a user has a pair of cryptographic keys including public key and a private key.

The keys are related numerically, but the private key cannot be changed from the public key. A message encrypted with the public key can be decrypted only with the correlating private key.

There are two main branches of public key cryptography are as follows −

  • Public Key Encryption − A message encrypted with a recipient’s public key cannot be decrypted by someone except the recipient occupying the corresponding private key. It can be used to provide confidentiality.

  • Digital Signatures − A message signed with a sender’s private key can be checked by someone who has access to the sender’s public key, thereby examining that the sender signed it and that the message has not been altered with. This can be used to provide authenticity.

A digital signature is a numerical technique which validates the authenticity and integrity of a message, software or digital files. It enables us to check the author name, date and time of signatures, and authenticate the message text. The digital signature provides more inherent security and intended to solve the issue of tampering and impersonation in digital communications.

An agreement for public-key encryption is that of a secured mailbox with a mail slot. The mail slot is defined and usable to the public; its location (the street address) is in aspect the public key. Anyone understanding the street address can go to the door and drop a written message through the slot but only the person who acquire the key can open the mailbox and read the message.

An analogy for digital signatures is the secure of an envelope with a personal wax seal. The message can be opened by someone, but the presence of the seal verify the sender.

The main issue for public-key cryptography is proving that a public key is authentic, and has not been tampered with or restored by a malicious third party. The general approach to this problem is to need a Public-key Infrastructure (PKI), in which one or more third parties, called a certificate authorities, certify ownership of key pairs. Another method, used by PGP, is the “web of trust” method to provide authenticity of key pairs.

Public key techniques are much more computationally comprehensive than purely symmetric algorithms. The use of these techniques allows a broad variety of applications.