[Next]
[Up]
[Previous]
Next:
The Real Importance
Up:
Key Management
Previous:
Key Management
The
concept of public key cryptography was most appealing because it
greatly simplifies some of the problems involved in distribution of
secret keys. When applied to encryption, it allows a person sending a
message to send a message that can only be read by the receiver,
without having a need for the sender and receiver to agree on any
secret key. The reason for this is that in public key cryptography,
the key used for encryption is different from the key used for
decryption. In practice, the methods that have been developed for
realizing public key encryption are comparitively slow, and public key
cryptography is generally used for encrypting ``session keys'' that
are then used for a faster traditional single-key encryption method
such as the Data Encryption Standard (DES).
In addition to the convenience of key management for encryption
provided by public key cryptography, it also provides a means to
implement digital signatures. The separation of public and private
keys is exactly what is required to allow users to sign their data
(with their secret key), allow others to verify their signatures
with the public key, but not have to disclose their secret key in
the process.
The secret key then provides the link between the public key and the
individual, and will remain a valid link only if the user properly
maintains the secrecy of the private key. If for some reason a user's
secret key for a digital signature scheme is compromised, then the
public key may need to be revoked. If it is known when the private
key was compromised, then there is no need to invalidate all of the
documents that were signed prior to this date.
Kevin S. McCurley
Sat Mar 11 16:00:15 MST 1995