Public Key Cryptography (PKC) is a paradigm which uses a pair of keys in a given
communication; one key is used for encrypting the message and the other key is used for
decrypting it. Each key may serve either purpose, but a message encrypted using one key
may ONLY be decrypted by the other key.
The following illustration demonstrates how such a pair of keys may be employed for secure
communication:
Party A has generated a key-pair. They retain one key, the private key, and
distribute the other key, the public key, to Party B in a trustworthy way (see Section
4.1.2).
1. A encrypts a message using the private key and sends it to B. If B is able to
decrypt the message using the public key, then B may be confident that the
message did in fact originate from A, since only A has the private key.
2. B encrypts a message using the public key and sends it to A. Since the message
may only be decrypted using the private key, and only A has this key, B may be
confident that only A will be able to read the message.
Thus, using A's private/public pair of keys, B can ensure that (1) A is who they purport to be,
and (2) any messages that are sent to A can be read by that party only. However, the
following weaknesses remain: (1) A cannot be confident that B is who B purports to be, and
(2) communications from A to B may be read by anyone who has the public key.
While both of these weaknesses may easily be overcome if B has their own key-pair and has
provided the public key to A, this is often not practical due to the amount of effort involved.
However, the latter shortcoming may easily be overcome in the following way:
3. B automatically generates a temporary key-pair. Since B may be confident that
its messages to A are only read by A, B can securely provide one of the keys to A.
Once A has received this key, they may use it to encrypt any messages sent to B.
They may therefore be confident that only B can read any subsequent messages.
Thus, a single private-public key-pair has the potential to offer the following security:
I. Parties receiving messages from the owner of the key-pair can verify that encoded
messages originated from the owner.
II. Secure messages may be sent between the owner and other parties.
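Steps 1 to 3 above, traced in code as an added example that is not part of the original text. It uses textbook RSA, whose "apply either key, undo with the other" property is exactly what the section relies on; the primes, party names and message values are constructed toy inputs, and no padding is used.

```python
# Added example, not part of the original text: textbook RSA with constructed
# toy primes, to walk through steps 1-3 above. Messages are integers below the
# modulus and no padding is used, which is enough to illustrate the key roles.

def keygen(p, q, e=17):
    """Return (public, private) keys as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # modular inverse; Python 3.8+
    return (e, n), (d, n)

def apply_key(key, m):
    """One operation serves both directions: the result of applying one key
    is undone only by applying the other key of the same pair."""
    exp, n = key
    return pow(m, exp, n)

# Party A's key-pair. B obtains A_pub in a trustworthy way (Section 4.1.2).
A_pub, A_priv = keygen(61, 53)       # constructed toy primes: n = 3233

def step1_origin_check(msg):
    """Step 1: A applies the private key; B recovers msg with A's public key,
    so the message must come from the holder of A_priv."""
    from_a = apply_key(A_priv, msg)
    return apply_key(A_pub, from_a) == msg

def step2_confidential_to_a(msg):
    """Step 2: B encrypts under A's public key; only A_priv recovers it."""
    to_a = apply_key(A_pub, msg)
    return apply_key(A_priv, to_a)

def step3_temporary_pair(msg_to_b):
    """Step 3: B generates a temporary pair and sends its public key to A under
    A's public key (so only A can read it). A then encrypts to B with that key."""
    B_pub, B_priv = keygen(47, 59)   # constructed toy primes: n = 2773 < 3233
    # B -> A: each component of B_pub is sent encrypted for A; both are
    # smaller than A's modulus, so they round-trip exactly.
    wrapped = tuple(apply_key(A_pub, part) for part in B_pub)
    # A unwraps B's temporary public key with A_priv.
    b_pub_at_a = tuple(apply_key(A_priv, part) for part in wrapped)
    # A -> B: encrypt with the received key; only B_priv decrypts it.
    to_b = apply_key(b_pub_at_a, msg_to_b)
    return apply_key(B_priv, to_b)

if __name__ == "__main__":
    print(step1_origin_check(65), step2_confidential_to_a(123),
          step3_temporary_pair(2024))
```

Step 3 protects the temporary key's confidentiality only; as the text notes, A still has no proof that the key came from B rather than from whoever else holds A's public key.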
As mentioned, this presumes that the owner of the key-pair is able to distribute their public
keys in a trustworthy manner. In practice, this is achieved by means of public key certificates
and Certificate Authorities.