Public Private Key Encryption


Part 2 of my two-part series on encryption, building on the December 2024 article on encryption basics. Here I explain the near miracle of public/private key encryption: how can you safely communicate with your bank, or safely buy merchandise online?

The Problem

Last month I explained encryption basics, so you should understand how a password is used to create a key that can encrypt information and keep it private. But if you are connecting to your bank, an online store, or a secure email vendor, how can you be sure the transaction is secure?

The Objective

There are three separate requirements:
  1. I'm actually connecting to the correct source, not an impostor.
  2. We are protected from someone watching what we send back and forth. A third person who only listens is an eavesdropper; one who sits between us, relaying and possibly altering traffic, is called the man-in-the-middle. We need to agree on a key to use for encryption without either of them learning what the key is.
  3. The communication is protected, so our messages cannot be tampered with without us noticing.

The Solution


  • When you go to the site, your browser checks for a certificate: a statement, signed by a certificate authority the browser already trusts, that this public key belongs to that company's domain name. The browser alerts you if the certificate is missing, expired, or made out to a different name. This is the best we can do, but it is the weakest part of the system: a valid certificate proves you reached the name in the address bar, not that the name belongs to the company you meant. Be careful to check that you are actually where you want to be.
  • The company owns an enormous pair of keys, created once and presented in its certificate. One is called the public key because it goes out to the public. The weird thing about this pair is that a message encrypted with the public key cannot be decrypted with it; only the matching private key, which the store or bank keeps hidden and secret, can unlock it.
  • Your browser then makes a secret session key and uses their public key to encrypt it. Even if a third person is watching, they can't see inside your message, because the public key they saw go by cannot undo what it did; only the private key can. (Modern browsers usually agree on the session key with a Diffie-Hellman exchange instead, in which both sides contribute and the site's private key signs rather than decrypts, but the effect is the same: the watcher sees the whole exchange and still cannot compute the key.)
  • From this point on, messages are encrypted with this session key, which only your browser and the host company know.
  • When either your browser or the website creates a message, it also creates a digital fingerprint of the message, computed with the shared key so that an outsider cannot forge it. If anything in the message changes, the fingerprint doesn't match, the message is rejected, and the connection is dropped.
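The five steps above, walked through end to end in code. This is an added example, not the newsletter's own material: it uses a toy RSA built on fixed Mersenne primes (so the run is reproducible), a SHA-256 keystream as the message cipher and HMAC as the fingerprint, with a hypothetical site name and a made-up certificate authority. A real browser does the same job with TLS, proper padding, and a vetted crypto library; never use textbook RSA like this for real traffic.

```python
import hashlib
import hmac
import os

# Toy RSA on fixed Mersenne primes, so the demonstration is reproducible.
# Constructed for illustration only: real sites use 2048-bit-plus random
# primes, OAEP/PSS padding and a vetted library, never textbook RSA.
SITE_P, SITE_Q = 2**127 - 1, 2**521 - 1
CA_P, CA_Q = 2**107 - 1, 2**607 - 1
SITE_NAME = b"bank.example"          # hypothetical site name


def rsa_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # private exponent (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)               # anyone holding the public key can do this


def rsa_decrypt(priv, c, length):
    n, d = priv
    return pow(c, d, n).to_bytes(length, "big")   # only the private key undoes it


def rsa_sign(priv, data):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def rsa_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# A certificate here is (name, site public key, CA signature over both).
def issue_certificate(ca_priv, name, site_pub):
    return name, site_pub, rsa_sign(ca_priv, name + b"|" + repr(site_pub).encode())


def verify_certificate(ca_pub, cert, expected_name):
    name, site_pub, sig = cert
    return name == expected_name and rsa_verify(
        ca_pub, name + b"|" + repr(site_pub).encode(), sig)


# Symmetric part: separate encryption and fingerprint keys derived from the
# session key, a SHA-256 keystream as a toy stream cipher, HMAC as the fingerprint.
def derive_keys(session_key):
    return (hashlib.sha256(b"enc|" + session_key).digest(),
            hashlib.sha256(b"mac|" + session_key).digest())


def keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(session_key, plaintext):
    enc_key, mac_key = derive_keys(session_key)
    nonce = os.urandom(12)            # fresh per message so keystreams never repeat
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # the fingerprint
    return nonce + ct + tag


def open_sealed(session_key, message):
    enc_key, mac_key = derive_keys(session_key)
    nonce, ct, tag = message[:12], message[12:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # check before decrypting
        raise ValueError("fingerprint mismatch: message was tampered with")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def run_session(session_key, request):
    """Walk the five steps; return (server got same key?, what it read, wire bytes)."""
    ca_pub, ca_priv = rsa_keypair(CA_P, CA_Q)       # trusted CA, built into browser
    site_pub, site_priv = rsa_keypair(SITE_P, SITE_Q)
    cert = issue_certificate(ca_priv, SITE_NAME, site_pub)

    # 1. Browser checks the certificate against the CA it already trusts.
    if not verify_certificate(ca_pub, cert, SITE_NAME):
        raise ValueError("certificate does not verify")
    # 2-3. Browser makes a session key and locks it with the site's public key.
    #      A watcher sees `wrapped` and `site_pub` but lacks site_priv.
    wrapped = rsa_encrypt(cert[1], session_key)
    server_key = rsa_decrypt(site_priv, wrapped, len(session_key))
    # 4-5. Every message is encrypted with the session key and fingerprinted.
    on_the_wire = seal(session_key, request)
    return server_key == session_key, open_sealed(server_key, on_the_wire), on_the_wire


def tamper_detected(session_key, on_the_wire):
    """Flip one ciphertext bit, as a man-in-the-middle might; True if caught."""
    forged = bytearray(on_the_wire)
    forged[12] ^= 0x01
    try:
        open_sealed(session_key, bytes(forged))
    except ValueError:
        return True
    return False
```

Running run_session shows the site ending up with the same session key the browser chose, even though the only thing that crossed the wire was that key locked with the public key; tamper_detected flips one bit of a message in transit and shows the fingerprint check catching it before anything is decrypted, which is the behaviour of the last step. A certificate made out to a different name fails verify_certificate, which is the check behind the first step.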




Date: January 2025


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
