When Alice and Bob decide to communicate by secret messages to be sent through an insecure media, they can agree on a key (that the must keep only for them) and then use that key for encrypt and decrypt the message before sending into the public area.
The symmetric approach
In this way Alice can send an encrypted message to Bob (encrypted with key AB) and Bob can use the same key AB to decrypt it. When the message is sent through the public area no one can understand it because does not have the key. This is the symmetric encryption and it is based on sharing the same key among participants in the communication.
This approach as a downside. Alice and Bob must agree on the same key but how do they can, since they cannot send the key in clear on the public area? We should need a secure encrypted connection for sharing the key, but how can we estabilish such a connection if we cannot communicate any key?
It is here that public key cryptography comes into play. Infact with asymmetric cryptography, Alice has a pair of keys (Apub and Apriv). While Apub derives from Apriv, it is not possible to get Apriv from the Apub. The private and public key pairs has the following important properties:
- You cannot guess one key knowing the other;
- Anything you encrypt with pubkey can be decrypted with privkey and everything you encrypt with privkey can be decrypted with pubkey;
The public key is public and can be published everywhere. So Alice can publish her Apub on her webpage and Bob can do the same with his Bpub.
The private key instead is our secret and must not be shared with anyone, no person should know about it.
Now it’s simple. If Alice wants to send a message to Bob she just has to encrypt the message with Bpub and send this message through insecure public area (where no one can decrypt it).
When Bob receive the message, he can understand it because he has the private key (Bpriv) associated to that public key.
Message is verified
There is another cool thing you can do with it. Infact Alice can encrypt a message with her private key Apriv, but cannot send to public area in this way because anyone should decrypt while using here public key. She then can encrypt again with Bob public key (Bpub) that she has.
After that this message can be sent to Bob. Bob can decrypt the message using his private key Bpriv and then can verify that message really comes from Alice because he can use Apub to verify. Infact since the Apub can be used to decrypt this layer, this means that Alice and only Alice has sent the message because only her has the Apriv key. This also means that the message cannot be intercepted by anyone otherwise the message would not be verified with her public key.
So the fact that the message can be decrypted (at the first layer) with Apub means that the messages really comes from the sender and it has not been counterfeit.
So sending a message in this way ensures the following:
- no one can read the message a part Alice and Bob
- Bob is sure that message come from Alice and not from impostor
- Bob is sure that the message has not been counterfeit or altered by anyone.
So this one is the simplified concept and idea behind public key cryptography that is very clever and interesting and important for secure communications.