public key

Posted on 2006-04-22
Last Modified: 2012-05-05
How does a public key avoid the security risk posed by having users share secret keys? The key is public; what prevents a cracker from using the public key to decrypt the message?
Question by:teera
    LVL 5

    Assisted Solution

    Have you read the concepts of public key encryption?

    Normally in asymmetric encryption, decryption is done by the private key, not the public key... so no one but the intended recipient will be able to decrypt the message...

    i.e. In a communication between X and Y, X will encrypt the msg with Y's public key and send it to Y. Y will be able to decrypt the message with his private key.

    LVL 32

    Assisted Solution

    With a public key encryption system there is also the PRIVATE key. Something encrypted with the public key can only be decrypted with the private key. So even though anyone may be able to get the public key and encrypt with it, having it is of no help in decryption. That makes this a very useful technique; it's also why it's very important to keep the private key private.

    This is called an ASYMMETRIC cryptosystem since DIFFERENT keys are used for encryption vs. decryption. Contrast that with a SYMMETRIC system (like the widely used DES algorithm) where the SAME key is used for both encryption and decryption.

    There are valid uses for both...
    LVL 27

    Accepted Solution

    More detailed information can be found here:

    Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. This is done by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.

    The term asymmetric key cryptography is a synonym for public key cryptography in most cases. However, there are asymmetric key encryption algorithms which do not have the public key-private key property noted above. For these algorithms, both keys must be kept secret.

    In public key cryptography, the private key is generally kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be possible to deduce the private key of a pair given the public key.

    There are many forms of public key cryptography, including:

        * public key encryption — keeping a message secret from anyone that does not possess a specific private key.
        * public key digital signature — allowing anyone to verify that a message was created with a specific private key.
        * key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.

    Typically, public key techniques are much more computationally intensive than purely symmetric algorithms, but the judicious use of these techniques enables a wide variety of applications.

    (....more to read, please follow the link)

    LVL 3

    Assisted Solution

    The public key is used to encrypt and the private key is used to decrypt. You can give your public key to anyone and it will only mean that they are then able to encrypt a message meant for you. Your private key you keep to yourself, as this is the key to decrypt. If you do not give your private key to anyone then no one but you will be able to decrypt the messages encrypted with your public key.
    LVL 32

    Assisted Solution

    >>The public key is used to encrypt and the private key is used to decrypt

    Actually it can go either way.  Either key can be used to encrypt and the OTHER key will decrypt.  Typical practice is to use the PUBLIC key to encrypt and the private key to decrypt.  But other scenarios use the PRIVATE key to encrypt.  For example if you wish to prove you sent something, you can encrypt it with your private key.  Then people who decrypt it with your public key can know you encrypted it since only you (presumably) have the private key.
    LVL 5

    Assisted Solution

    >> For example if you wish to prove you sent something, you can encrypt it with your private key.
    I think in that scenario we use "digital signatures" instead of encrypting the message itself with the private key...  So you encrypt the message for security and use digital signatures for authenticity...
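
Added example, not part of the original thread: textbook RSA in Python showing the points made in the answers above, namely that the public key encrypts but does not undo its own encryption, and that a signature is the private-key operation applied to a hash of the message. The primes, the names `apply_key`, `sign`, `verify`, `demo` and the sample messages are assumptions for illustration; unpadded RSA with a key this small is for demonstration only.

```python
import hashlib

# Constructed toy parameters: two known Mersenne primes. Real RSA keys use
# random primes of 1024+ bits each and a padding scheme (OAEP, PSS).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_keypair():
    """Return (public, private) as (modulus, exponent) pairs."""
    n = P * Q
    phi = (P - 1) * (Q - 1)          # computable only by someone who knows P and Q
    d = pow(E, -1, phi)              # private exponent: inverse of E modulo phi
    return (n, E), (n, d)

def apply_key(key, value):
    """The single RSA operation: value ** exponent mod modulus."""
    n, exponent = key
    return pow(value, exponent, n)

def digest(message, n):
    """SHA-256 of the message as an integer reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    # Private-key operation on the hash, not on the message itself
    return apply_key(private, digest(message, private[0]))

def verify(message, signature, public):
    # Anyone holding the public key can check the signature
    return apply_key(public, signature) == digest(message, public[0])

def demo():
    y_public, y_private = make_keypair()          # Y publishes y_public only
    m = int.from_bytes(b"hello Y", "big")         # constructed sample message
    c = apply_key(y_public, m)                    # X encrypts with Y's public key
    return {
        "eavesdropper_recovers": apply_key(y_public, c) == m,   # public key again
        "recipient_recovers": apply_key(y_private, c) == m,     # private key
        "signature_valid": verify(b"from Y", sign(b"from Y", y_private), y_public),
        "tampered_valid": verify(b"from Z", sign(b"from Y", y_private), y_public),
    }

if __name__ == "__main__":
    print(demo())
```

Computing `d` requires `phi`, which requires the factors of `n`; the public key carries only `n` and `E`, which is why holding it does not help with decryption.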
