Public Key Cryptography – The Puzzle of Private and Public Keys
Whenever we disclose any of our private information (or any type of info that might hamper our lives if it gets into the wrong hands) to an authority online, we always have second thoughts about how communication networks work and if they'll be able to keep our information secure.
To ease some of that uncertainty, this article explains how public-key cryptography (asymmetric cryptography) helps our information travel securely over the internet.
Whenever a layman sees the word cryptography, the things that first come to mind are often complex algorithms, coding, deciphering, etc. Here, we will learn about public-key cryptography in a simpler way.
We can understand how this works with an example: the sender's data, say an email, is encrypted using a public key that is publicly accessible, and is decrypted back into its raw version using a private key. The public key works only with the private key associated with it, and vice versa.
So here, we saw that the valuable information we passed over email could not be read or altered by any third party that does not have the private key.
Another question that comes to our minds is how we keep this private key secure and inaccessible to unwanted people. Now, we’ll read about the methods to maintain the secrecy of the private key.
The first thing to keep in mind before storing a private key is to consider it equivalent to your digital signature, as it is unique and can be generated only by us. Steer clear of giving any third party remote access to the key.
If you keep your private key accessible on any internet-connected device, it could be a threat, as it becomes easier for hackers to retrieve that key. Hence, it should be stored in a hard drive token, which is only locally accessible and password protected.
Just as we double-check our house lock before leaving and have multiple locks on the main entrance, we must have multi-factor authentication for our private key as well so that it's well protected. Lastly, just as we used to keep three backup pens in our bag before an exam in case one stopped working, there should be a backup of the private key as well.
Now comes the question of how we get to know which websites have private key authentication and which do not. Have you ever noticed the http and https that come before the website address? Sites that have https are SSL certified.
SSL is the acronym for "Secure Sockets Layer." The basic function of an SSL certificate is to certify that the website we provide any kind of information to is protected and secure. It is necessary on a daily basis to protect our personal information like contact number, age, address, and most importantly, bank account details.
It is unimaginable how catastrophic it would be if any unauthorized individual/authority could get access to that information. This is where SSL comes into play with the help of the above-explained public key cryptography to protect data exchange between us and the website.
Just imagine your best friend has asked you to keep a secret. But he/she gets to know that your whole gang knows about the secret. He/she would obviously blame you, as he/she trusted you with their secret. Imagine that there was a third person all along who was eavesdropping and heard your conversation and you were being blamed for everything.
In this whole scenario, you are the website, your best friend is a user, the third person could be any hacker or fraudulent third party, and the secret is the valuable data that the user provides to the website. This is the exact reason why the SSL certificate should come from a valid certificate authority.
We live in a world where a colossal amount of data is transferred between several authorities on a daily basis, but if this data is tampered with or falls into the hands of the wrong person, then the whole communication system might collapse, resulting in loss of funds, wrongful thefts, or even invasion of privacy.
Consider college students whose personal details are stored online in a central management system database, where faculty also upload marks and attendance. If this data someday falls into the hands of a hacker, they would have the ability to change a student's whole academic report card by messing with their academic score and even attendance.
What if it’s not marks that are being tampered with? What if it’s someone's hard-earned money? The extent of the effect it might have is unimaginable.
This article sums up how vital the public key encryption protocol is in our day-to-day lives. Whether we're sending an important email to an employee or client, purchasing something online, making a Facebook account, or sharing our geolocation with our family and friends, it's important that we can trust the system we're using.
Published at DZone with permission of Crumb Peter.