"Public Key" encryption is scheme for encrypting documents and other data. In the Public Key scheme, I (for example) make two complementary encryption keys, one a "private key" that is secret, and that only hold, and one a "public key" that I give to the world. While the two keys are intrinsically related, the public key cannot be used to deduce the private key, and other people with the public key cannot unencrypt data that was encrypted with it. Only the holder of the private key can unencrypt data encrypted with the corresponding public key. Two purposes may be served here: encryption and authentication. While many persons' concerns center on privacy and the security that can be provided over the internet in transmitted data, one may well have to consider authentication as well, insuring that who claims to have sent something actually is the source.
To send me secure data, a person uses my freely available public key (which I have somehow made available, e.g., from a link: My Public Key) to encrypt their data. I then use my secret private key to unencrypt it.
For authentication the scheme is reversed: the person sending me data uses their secret private key to sign their data and I use their freely available public key (which I have obtained) to insure the signature is genuine.
Encryption programs generally encrypt whole files. Some can also encrypt pieces of a file. They can work as a stand-alone program; with commands given from a GUI or from a system prompt (e.g., DOS or Unix); or as an integral part of another program, literally sitting inside the other program (e.g., sitting inside a data base and encrypting data being sent between client machines and the database server).
PGP(R) is a cryptography program, properly referred-to as "Pretty Good (R) Privacy." PGP is distributed free of charge to non-profit entities: the official United States distribution site is MIT Distribution Site and the international distribution site is The International PGP Home Page. Commercial distributors are PGP, Inc. and Network Associates.
PGP is one of the industry-standard encryption programs. It can serve many purposes, but the two basic ones are security (i.e., nobody can read the data being transmitted) and authentication (i.e., a digital "signature" can be attached to insure it is really coming from the whom it is that is claiming to be sending it).
While no such claim has ever been made that the encryption it provides is unbreakable, as its author is far too knowledgeable in the field and too moral generally to make such a claim, the encryption that PGP provides is -- for every practical purpose -- unbreakable. The following observations may be made on this point:
PUBLIC KEY - - what everybody talking to you has.
PRIVATE KEY - - what only you have.
Everybody who is going to communicate with you has your public key and knows it's really yours. This means you have already supplied them with your public key, perhaps by placing it on a web site or even having handed it (literally in-person handed a floppy diskette with the key on it) to the person(s) who will be receiving your communications.
ENCRYPTION MODEL - - you receive something: only you can decode.
For message encryption, the sender (who already has your public key) encrypts a message with your public key: only you can decode it (with your private key). (N.B., you do not necessarily know from whom the message came, as anyone with access to your [presumably] unsecure public key could have encrypted it.)
AUTHENTICATION MODEL - - you send something: it really came from you.
Also referred to as an "Electronic Signature," for message authentication, you encode your signature (or even an entire message) with your private key: anyone who has your public key can decrypt it and know that it could only have come from you. (N.B., this also serves as an encryption model, as it still sends an encrypted message.)
As an example of this system at work, I have a colleague to whom I have made available my public key (and that colleague or I may give it anyone else). That colleague may now encrypt data to me using my public key, and only I will be able to unencrypt it: from everyone else - - with or without encryption software - - it will be secured. Likewise, I can now encrypt a signature with my private key and send it to my colleague, and he or she will know that since my public key will only open what has been encrypted with my private key that it actually came from me.
Doc Steve Web Coding Service will post its public key on its web site. Instructions in the installation of the public key will also be posted there. The clients themselves will be responsible for the acquisition, installation, and training on the use of software (e.g., PGP).
Communications between concerned clients and Doc Steve will be divided into two categories: those communications that are considered sensitive and must be encrypted (such as proprietary client data), and those that are not considered sensitive (general, non-proprietary information). A formal protocol will be established to determine which communications fall into which categories for each client. Prior to the distribution from Doc Steve of data files or sending e-mail in "sensitive" category, the relevant files will be encrypted with Doc Steve's private key. These files will then be decrypted at the client. This system will be reversed for files sent from the clients to Doc Steve: the clients will encrypt using Doc Steve 's public key, and Doc Steve will decrypt using its private key. If authentication (i.e., an electronic signature) by Doc Steve of the client's transmission is required, the client will post or transmit to Doc Steve a public key, and encrypt with their own private key.
|
Document: http://
Revised: |