Subscribe by Email

## Monday, October 14, 2013

### What are secret-key and public-key signatures?

- Asymmetric cryptography is often referred to as the public-key cryptography.
It is a cryptographic algorithm which makes use of two individual keys namely the secret key and the public key.
- The secret is kept private and the public key is open.
- Even though these two keys are different, there is some mathematical link between the two.
- The key which is used for the encryption of the plain text and verification of the digital signature is the public key.
- So, the private key is one that is used for the decryption of the cipher text in to plain text or for creation of a digital signature.
- Both these keys are contrast of each other unlike in the symmetric cryptography where the same key serves both the purposes.
- The public keys are created based up on some mathematical problems for which presently there is no efficient solution such as the following:
Ø  Elliptic curve relationships
Ø  Discrete logarithms
Ø  Integer factorization
- Generating the public and the private key pair is computationally easy for the users.
- The strength of the public keys lies in the fact that determining the private key from its public key is computationally in feasible or almost impossible.
Thus, without fearing any compromise with the security, the public key can be published whereas the private key is kept hidden from everyone so as not to reveal it to anyone who does not has authorization for performing the digital signatures or reading the messages.
- Unlike for the symmetric key algorithms, a secure initial exchange of the secret keys is not required for the public key algorithms.
- In the process of message authentication, a private key is used for processing a message for producing the digital signature.
- After doing so, the signature can be verified by anyone by processing the value of the signature using the corresponding public key of the signer.
- The result is then compared with the message.
- The unmodified nature of the message is confirmed a success signal.
- Also, it is presumed that the private key of the signer has been kept hidden from the others.
- However, in practical applications, the message’s digest or hash is encrypted and used as the signature.
- The fundamental security components of the cryptosystems, protocols and applications are the public key algorithms.
These systems underpin the following internet standards:
Ø  PGP
Ø  GPG
Ø  TLS or transport layer security

- Secrecy as well as Key distribution is provided by some of the public key algorithms such as the Diffie-Hellman key exchange algorithm while some algorithms like Digital signature algorithm provide the digital signature and some others offer both the things.
- An example of such algorithm is RSA.
- All these algorithms have been widely accepted.
- A pair of cryptographic keys (i.e., a public key for encryption and a private key for decryption) is provided to each of the users.
- Similarly, for digital signatures the pair of keys consists of a private key for signing and a public key for verification.
- The concept of the private key has been introduced so as to ensure the confidentiality.
- The digital signatures can be verified by anyone possessing the corresponding public key.
- With such a confirmation it is confirmed the private key is possessed by the sender.
- This is also a way to confirm that no tampering has been done to the message.
- If the message has been tampered, it will introduce changes in the encoded message digest.
- Mail box having a mail slot and a personal wax seal can be taken as an analogy to public – key encryption and digital signatures respectively.