Keys

From The spring:// Network Documentation
Jump to: navigation, search

Note: Read on if you wish to understand and apply the concepts of public and private keys. It is not necessary in order to use the network but is useful when dealing with sensitive data.


In cryptography, a key is the equivalent of your front door key -- each front door has a key to perform the action of locking and unlocking and no two front door keys are the same; if you use your front door key on another door's lock, it won't fit and the action can't be performed.

When it comes to cryptography, your key is used to perform an action on data in a way that only you can reverse (e.g. unlocking a locked door) or be shown that only you could have done (e.g. signing a document). If someone else uses their key to perform the same action as if they were you, it won't work or will result in garbage data. This is important as it provides a way of securing sensitive data and a way of proving an action is performed by the owner of that key.

Key Pairs in Public Key Cryptography[edit]

In Public Key Cryptography a user has a collection of keys known as key-pairs. Each key-pair consists of a Private key and a Public key, where both parts can be used at different ends of an action. The Public key, as the name suggests, can be safely left out in the open for anyone to use but your Private key is kept secret by you. The Public key is used to perform the public side of an operation and the Private key used to perform your private side of the operation.

To be able to do this was a revolutionary concept! The seed of which dates from the 1950s but really becoming useful during the early days of Internet in the 1970s and continues -- in one form or another -- to provide the basis of much of the security in global communications to this day. We are using a form that dates from the early 1990s called PGP or Pretty Good Privacy.

Keys in Encryption[edit]

The concept of Keys, when used for encryption, is fairly intuitive as the use of a key is similar to that with locks.

Here is the analogy -- You have a letter box which has a one-way chute (like the trapdoors on parcel boxes). You want to give anyone who requires it the ability post you letters but only letters addressed to you and you don't want anyone to be able to read them once they're posted. The solution for your letter box is to have a key for a lock that opens the front of the letter box, allowing people to post letters if they have the key. You then have a key for a lock on the back that allows you to open the bottom and retrieve the letters. Here there are two sides of the operation -- unlocking the front to post letters and unlocking the back to retrieve them. You then send a copy of your public key to anyone who wants to post you a letter and you're safe in the knowledge that having the public key won't provide access to the rest of the letters.

This is the equivalent of public key encryption, where using someone's public key is a one-way operation that requires the private key to reverse; if you take a message that has already been encrypted by someone's public key (this encrypted message is called a ciphertext) and use the same public key to decrypt it, you will end up with garbage. There is no way to decrypt the original message with the public key.

Keys in Signing[edit]

The concept of Keys, when used for digitally signing, is not as intuitive as encryption because you generally don't use your front door key to sign a document. However, we'll look at an analogy (it's a bit of a stretch and it's not complete, as we'll see).

You want to sign important documents but your signature can be forged. Your solution is to have a pen that has an ink that turns green when you shine a special light on it; the light will make all other inks shine red. If a person tries to forge your signature and another checks to see that the signature was originally made by you, it will fail the light test as it wasn't signed with your special ink thus proving that it is a forgery. You keep your pen to yourself and you provide the light to anyone who needs to verify your signature.

This is naive but here the private key takes the role of the pen with ink and the public key takes the roles of the light. The actual digital signing operation is a lot more powerful! By using your private key to sign data (file or document) and others using your public key to verify the signature, you not only have a way for anyone to prove that it was your private key that was used to sign but it also proves that the data has not changed since signing. This last part is known as integrity and is an important part of cryptography.

Keys in Integrity Checks[edit]

By using public/private keys, you can prove that data has not changed; it has retained its integrity. Any data that is operated on is treated as a whole. If the data is changed then its verification will fail. If you sign data with your private key and someone changes the data to make it seem like you signed something completely different: when the data is verified with your public key it will fail it's integrity check. This is really useful as it means anyone with access to your public key can prove that what you signed is the same as that provided.

See Also[edit]