DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Building Scalable Real-Time Apps with AstraDB and Vaadin
Register Now

Trending

  • Transactional Outbox Patterns Step by Step With Spring and Kotlin
  • Front-End: Cache Strategies You Should Know
  • AI Technology Is Drastically Disrupting the Background Screening Industry
  • Designing a New Framework for Ephemeral Resources

Trending

  • Transactional Outbox Patterns Step by Step With Spring and Kotlin
  • Front-End: Cache Strategies You Should Know
  • AI Technology Is Drastically Disrupting the Background Screening Industry
  • Designing a New Framework for Ephemeral Resources

Public Key Cryptogrophy – The Puzzle of Private and Public Keys

Crumb Peter user avatar by
Crumb Peter
·
Jan. 07, 20 · Presentation
Like (4)
Save
Tweet
Share
23.28K Views

Join the DZone community and get the full member experience.

Join For Free

Whenever we disclose any of our private information (or any type of info that might hamper our lives if it gets into the wrong hands) to an authority online, we always have second thoughts about how communication networks work and if they'll be able to keep our information secure.

So to end this uncertainty to some extent, you’ll get to know how public-key cryptography (asymmetric cryptography) helps carry out the exchange of our information over the internet securely in this article.

Whenever a layman sees the word cryptography, the things that first come to mind are often complex algorithms, coding, deciphering, etc. Here, we will learn about public-key cryptography in a simpler way.

We can understand how this works with an example where the data provided by the sender could be in the form of an email that is encrypted using a public key that is publicly accessible and decrypted by a private key into its raw version. Here, the public key will only work with the private key associated with it and vice-versa.

You may also like: What Is SSL? How Do SSL Certificates Work?

So here, we saw that whatever valuable information we passed over the email was not being hampered or accessed by any third party, which does not have the private key.

Another question that comes to our minds is how we keep this private key secure and inaccessible to unwanted people. Now, we’ll read about the methods to maintain the secrecy of the private key.

The first thing to keep in mind before storing a private key is to consider it equivalent to your digital signature, as it is unique and could be generated just by ourselves. Steer clear of providing remote access of the key to any third party

If you keep your private key accessible on any internet-connected device, it could be a threat, as it becomes easier for hackers to retrieve that key. Hence, it should be stored in a hard drive token, which is only locally accessible and password protected.

Just like we double check our house lock before leaving and have multiple locks for the main entrance, we must have multi-factor authentication for our private key as well so that it’s well protected. Lastly, similar to back when we used to keep three back up pens in our bag before any exam just so if one stops working we have other options there should be a backup for the private key as well.

Now, comes the question of how we get to know which websites have private key authentication and which do not. Have you ever noticed the http and https, which goes before the website address? Sites that have https are SSL certified.

SSL is the acronym for "Secure socket layer." The basic functionality of an SSL certificate is to certify that the website that we provide any kind of information to is protected and secure. It is necessary on a daily basis to protect our personal information like contact number, age, address, and most importantly, bank account details.

It is unimaginable how catastrophic it would be if any unauthorized individual/authority could get access to that information. This is where SSL comes into play with the help of the above-explained public key cryptography to protect data exchange between us and the website.

Just imagine your best friend has asked you to keep a secret. But he/she gets to know that your whole gang knows about the secret. He/she would obviously blame you, as he/she trusted you with their secret. Imagine that there was a third person all along who was eavesdropping and heard your conversation and you were being blamed for everything.

In this whole scenario, you are the website, your best friend is a user, the third person could be any hacker or fraud third-party, and the secret is the valuable data that the user provides the website. This is the exact reason why the SSL certificate should be there from a valid certificate authority.

We live in a world where a colossal amount of data is transferred between several authorities on a daily basis, but if this data is hampered or falls in the hands of a wrong person, then the whole communication system might collapse, resulting into loss of funds, wrongful thefts, or even invasion of privacy.

College students who have their personal details in the central management system database online, where the faculties also upload the marks and attendance accordingly. If someday, this data falls into the hands of a hacker, they would have the ability to change a student’s whole academic report card by messing with their academic score and even attendance.

What if it’s not marks that are being tampered with? What if it’s someone's hard-earned money? The extent of the effect it might have is unimaginable.

This article sums up how vital the public key encryption protocol is in our day-to-day lives, whether we’re sending an important email to an employee/client, purchasing something online, making a Facebook account, or sharing our Geo-location with our family and friends it's important that we can trust the system we're using.

Further Reading

  • Application and Data Security.
  • Authentication and Authorization: Mastering Security.
  • The Guide to VPN Security.
Public-key cryptography

Published at DZone with permission of Crumb Peter. See the original article here.

Opinions expressed by DZone contributors are their own.

Trending

  • Transactional Outbox Patterns Step by Step With Spring and Kotlin
  • Front-End: Cache Strategies You Should Know
  • AI Technology Is Drastically Disrupting the Background Screening Industry
  • Designing a New Framework for Ephemeral Resources

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: