UNDERSTAND PRIVATE/PUBLIC KEY ENCRYPTION
Microsoft Windows Server 2008 Resources and Reviews
Several encryption schemes for securing data transmission are in current use: private (symmetric) key encryption, public (asymmetric) key encryption, and combinations of the two. Public key cryptography, together with the certificates, certification authorities, and the standards and protocols that surround them, is collectively known as public key infrastructure (PKI). In Windows Server 2008, PKI is an integral part of the operating system, especially in Active Directory. Windows Server 2008 implements all three encryption schemes and supports certificate-based public key use through Active Directory Certificate Services (AD CS).
Private Key Encryption
Private key encryption, or symmetric cryptography (which is also what is used with file and folder encryption, as previously discussed), is the older technique and uses a single secret key to both encrypt and decrypt a message. This means that the key itself must be delivered from sender to receiver. If this is done over the phone, the Internet, or even a courier service, an unauthorized person needs only to intercept the key transfer to obtain the key and decrypt every message protected with it. Private key encryption does have a major benefit, however: it is much faster (by a factor of hundreds to thousands) than public key encryption. Private key schemes are therefore valuable in situations where you do not have to transfer the key, or can do so securely, for example for personal use such as data encryption, as just discussed, or for sending information to someone you first meet face to face. Several private key encryption algorithms are available in Windows Server 2008 for exchanging information. If you are transferring information among Windows Server 2008 and Windows Vista computers, the Advanced Encryption Standard (AES) with a 128-bit key (AES-128) is used by default. Within the same versions of Windows, AES-192 and AES-256 are also available, with 192- and 256-bit keys respectively. For exchanges with older versions of Windows and other operating systems, the default is Triple DES (3DES), which applies the Data Encryption Standard three times in succession. The original DES, with its 56-bit key, is no longer considered secure, because the key can be recovered by exhaustive search.
Public Key Encryption
Public key encryption, or asymmetric cryptography, which was developed in the mid-1970s, uses a pair of keys: a public key and a private key. The public key is published and freely distributed, and is used to encrypt a message. The private key never leaves its owner and is used to decrypt the message. For two people to use this technique, each generates a key pair, and then they openly exchange public keys, not caring who gets a copy. Each person encrypts a message to the other by using the other person's public key, and then sends it. The message can be decrypted and read only with the private key held by the recipient. The two keys are related mathematically, and the algorithm is constructed so that what the public key encrypts only the matching private key can decrypt. Generating a key pair is computationally easy, but deriving the private key from the public key alone is computationally infeasible when the keys are large enough (RSA, for example, rests on the difficulty of factoring the product of two large primes). The pair also works in the other direction: a signature made with the private key can be verified by anyone holding the public key, which is the basis of the authentication that certificates provide. Public key encryption is relatively slow compared with private key encryption, and can directly protect only short messages, so it is best used in open environments where the sender and recipient share no prior secret.
Combined Public and Private Key Encryption
Most encryption on the Internet actually is a combination of public and private key encryption methods. The most common combination, Secure Sockets Layer (SSL), was developed by Netscape to sit between an application protocol such as HTTP and the TCP/IP transport. SSL provides both encryption and authentication: the public key part authenticates the server and agrees on a key, and the private key part does the fast bulk encryption.
Recall that private key encryption is very fast but has the problem of transferring the key, whereas public key encryption solves the key distribution problem but is slow. If you begin a secure transmission by using the recipient's public key to encrypt and send a freshly chosen private key (a session key), you can then use that session key to quickly encrypt any amount of data. This is how SSL works. During its handshake the client picks a random session key and sends it encrypted under the server's public key, taken from the server's certificate, and in so doing sets up a "secure socket" through which any amount of data can be quickly encrypted, sent, and decrypted. Once the handshake has established the session key, all information transferred in both directions during that session, including the URL path, any request for a user ID and password, all HTTP web content, and any data entered on a form, is automatically encrypted by the sender and automatically decrypted by the recipient. The server's address is not hidden, however, since the connection must reach the server before the secure socket exists.
Several versions of SSL exist; SSL version 3 was the last of them and the one in common use for many years. SSL 3 is both more secure than, and offers improved authentication over, earlier versions, but it has since been found vulnerable and is now deprecated (RFC 7568), and SSL 2 is prohibited outright (RFC 6176).
Its successor, Transport Layer Security (TLS), is an open standard drafted by the Internet Engineering Task Force (IETF) and first published as RFC 2246 (TLS 1.0), with later versions (TLS 1.1, 1.2 and 1.3) replacing it in turn. TLS 1.0 is closely based on SSL 3 but differs in details such as how the session keys are derived and how message integrity is checked. The two sides negotiate which version to use, and implementations could historically fall back to SSL 3 when the peer did not support TLS; modern implementations disable that fallback. Both SSL 3 and TLS are documented by the IETF rather than the World Wide Web Consortium (W3C).
4 comments:
I am just laying out my understanding of combined public and private key encryption, correct me if I am wrong...
A secret (private) key is used to encrypt some data, and that again is encrypted using a public key, resulting in a ciphertext; the data is then transmitted. The receiver uses a private key to decrypt and also provides the secret key, so the data is converted into plaintext.
Thanks!
This is an excellent post detailing the differences between public and private key encryption. I've been trying to brush up my own knowledge on SSL encryption for a job interview. Thank you Kaari for taking the time to write up this information.
Encryption is used to maintain security and data integrity. Public key encryption, private key encryption or a combination of both could be chosen depending on the requirement at hand.