What is Public-Key Cryptosystem in Information Security?

A public-key cryptosystem is that the messages is encrypted with one key and can only be decrypted with a second key, etc. A strong public-key system is one in which control of both the algorithm and the one key provides no beneficial information about the other key and thus no indication as to how to decrypt the message.

In public key cryptography, it is not applicable to calculate private key using the available public key in the network. Because of this reason public key can be completely available in the network.

If a user encrypts a message with the public key of a target user, that message is decrypted only by the target user’s private key. Furthermore, if a message is encrypted by a private key of a user, it is decrypted by the public key of that user. This process is also known as digital signature.

The keys generated in public key cryptography are large including 512, 1024, 2048 and so on bits. These keys are not simply to learn. Therefore, they are maintained in the devices including USB tokens or hardware security modules.

A major problem in public key cryptosystems is that an attacker can masquerade as a legal user. It can substitutes the public key with a counterfeit key in the public directory.

Moreover, it can intercepts the communications or alters those keys. Public key cryptography plays an essential role in online payment services and e-commerce etc. These online services be secure only when the validity of public key and signature of the user are secure.

The asymmetric cryptosystem should implement the security services including confidentiality, authentication, integrity and non-repudiation. The public key should support the security services including non-repudiation and authentication.

The security services of confidentiality and integrity considered as an element of encryption process completed by private key of the user.

The major applications of public key cryptography are considered are Digital Signature and Data Encryption. The encryption application supports the confidentiality and integrity security services for the information. The public key supports the security services including authentication and non-repudiation.

Digital signatures are very beneficial in online applications. It supports the authentication and assurance of a user. The digital signatures are produced by user’s private key and also implement hashing on the encrypted information.

The encrypted data define the digital signature is checked by the public key of the concerned user. The digital signatures will not be changed and tampered by any one.

The major advantage is forging is not applicable. But in traditional physical signatures forging is applicable. Therefore, digital signatures supports the unique identity of a user or file.