Public key encryption, also referred to as public key cryptography or asymmetric cryptography, is a process of encrypting and decrypting messages transferred over the network using two keys. This contrasts with symmetric cryptography, where a single key is used for both encryption and decryption.
Public and private keys are the two keys used in public key encryption. The user keeps the private key secret, whereas the public key is shared with everyone over the internet. Multiple algorithms like RSA and elliptic curve cryptography (ECC) exist to send encrypted data over the internet. However, the general working of all these algorithms remains the same.
Public key encryption is extensively used in encrypted messaging today. It is mainly used for the encryption, decryption, and digital signing of messages, as discussed in detail below.
Encryption is the process of converting human-readable text into an encoded cipher text to protect it from third parties while it is transferred over the internet.
To understand the encryption process in public key encryption, let's take an example where person A wants to send person B a message. Person A has access to the public key of person B, which is shared publicly. Person A takes the public key of person B and encrypts the message, converting it into a cipher text.
Decryption converts the cipher text back to a human-readable form after it has been transferred over the internet.
So person B receives a cipher text from person A. Person B then uses their private key to decrypt the cipher text into human-readable text.
A digital signature, as the name suggests, is a signature on the message signed by the sender to ensure the integrity and authenticity of the message.
The above-mentioned encryption and decryption algorithm does not provide authenticity and integrity to the message as it is transferred over the network. Any third party can change the cipher text, and person B would not know if the message was tampered with. They will just assume that the sender did not send the correct message. We can use digital signatures to tackle this issue.
The digital signature algorithm can be divided into two steps:
Signature generation
Signature verification
Signatures can be generated by the sender of the message, person A in this case. The message is first passed through a
Signatures can be verified by the message receiver, person B in this case. They first use their private key to decrypt the cipher received from person A. The original message and the signature are produced as the output. Then the receiver recovers the hash of the message calculated by the sender by applying the public key of person A to the signature.
On the other hand, the receiver also calculates the hash of the original message using the same hash function used by the sender. The message has not been tampered with if both the hash/digest values match. This also ensures that the message originated from person A.
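The exchange between person A and person B described above, as an added example that is not code from the original page. It uses textbook RSA without padding, SHA-256 as the hash function, and keys built from publicly known Mersenne primes, so it is for demonstration only; all function names and the sample message are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_key(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n), (d, n)

def digest(message, n):
    """Hash the message and reduce it so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def send(message, a_private, b_public):
    """Person A: sign the hash with A's private key, then encrypt the
    message and the signature with B's public key."""
    d_a, n_a = a_private
    e_b, n_b = b_public
    signature = pow(digest(message, n_a), d_a, n_a)
    return (pow(int.from_bytes(message, "big"), e_b, n_b),
            pow(signature, e_b, n_b))

def receive(cipher, b_private, a_public):
    """Person B: decrypt with B's private key, recover A's hash from the
    signature with A's public key, and compare it with B's own hash."""
    d_b, n_b = b_private
    e_a, n_a = a_public
    message = to_bytes(pow(cipher[0], d_b, n_b))
    signature = pow(cipher[1], d_b, n_b)
    return message, pow(signature, e_a, n_a) == digest(message, n_a)

# Constructed demo keys; A's modulus is smaller than B's so that A's
# signature fits inside a single block encrypted for B.
A_PUB, A_PRIV = make_key(2**89 - 1, 2**107 - 1)
B_PUB, B_PRIV = make_key(2**107 - 1, 2**127 - 1)

def demo():
    cipher = send(b"pay B 10 coins", A_PRIV, B_PUB)
    intact = receive(cipher, B_PRIV, A_PUB)
    # A third party alters one bit of the cipher text in transit.
    tampered = receive((cipher[0] ^ 1, cipher[1]), B_PRIV, A_PUB)
    return intact, tampered

if __name__ == "__main__":
    print(demo())
```

Decryption of the altered cipher text still returns bytes without any error; only the hash comparison reveals that the message is not the one person A signed.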
Public key encryption uses encryption, decryption, and digital signature algorithms to ensure that messages are transferred over the internet without being tampered with. Modern texting applications like WhatsApp, Signal, and Facebook use it for encrypted and secure messaging. In addition, applications like iMessage use it for digital signatures to ensure the authenticity and integrity of the message. Public key encryption serves as the bedrock for modern-day cryptography. It has played a huge part in protecting data today and will continue to do so until the advent of capable quantum computers.