| Term | Description |
|---|
| Plaintext | This is the original message that needs to be transmitted |
| Ciphertext | This is the encrypted version of plaintext. I.e. after it has been encrypted for transmission. It must be decrypted before it can be understood by the receiver |
| Encryption | Encryption is the process of rendering a message (the plaintext) unintelligible other than to authorised recipients |
| Private Key | The private key is used by an individual to decrypt messages encrypted using their public key and is known only to them. |
| Public Key | A key widely available that can be used to encrypt messages that only the owner of a private key can decrypt. A person’s public key is used to encrypt messages sent to an individual. |
| Asymmetric Key encryption | Using a pair of keys which one becomes a public key and the other private. Both combinations must be used to encrypt and decrypt a message. |
Public / Private Key §
- When a user wishes to use asymmetric key encryption, the individual generates two keys: one to encrypt and one to decrypt
- Which one is used as a public / private key does not matter, as they work together. However, only the other key will work to reverse the encryption.
- The keys themselves are integer values (derived from prime values) which are designed to be unviable to deduce the other key without an insane amount of processing time and power
- The range of integers must make a brute force attack impractical
Key Usage §
- Once a set of keys has been generated, one is designated a public key and the other a private key
- Two-way communication needs two sets of keys
- These keys can then be used in different ways:
- Anybody wishing to send confidential data encrypts it with the recipient’s public key. It can then only be decrypted with the recipient’s private key (which only they should possess)
- The sender’s private key can be used to encrypt a hash (fingerprint) of the transmission data. This is called a digital signature (Digital Certificates)
- The recipient can be confident of the originating source
Problems §
- ‘Man in the middle’ attacks
- MITM attack is a cyberattack where the attacker secretly relays (and possible alters) the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.