HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Chapter 2 Overview of SSL

Public Key Encryption

  Table of Contents


In traditional environments, encrypted information is sent between parties that use the same key to encode and decode information. This is called symmetric encryption. In the case of the Internet, there is no way for one computer to send the encryption key to another without risk of a third party stealing the key and decoding subsequent communications. A method other than symmetrical encryption is required to transmit the encryption key securely on the Internet.

Public key cryptography was developed by Whitfield Diffie and Martin Hellman. The Diffie-Hellman key agreement protocol was published in 1976. It is also called asymmetric encryption because it uses two keys instead of one key. The RSA algorithm is another option for public key cryptography.

The solution is a system called public key cryptography or asymmetric encryption, which uses two keys. One is a public key and is usually available to anyone who wants it. The other, a private key, is held by just one party. Only the private key can decipher information that is encrypted using the public key; it is impossible to decipher the message using the public key. Similarly, only the private key can create encrypted messages that are decipherable with the public key. Because there can be only one public key for each private key, and vice-versa, it is nearly impossible to impersonate the holder of the private key. The two keys are mathematically related, but in such a way that it is virtually impossible to derive the private key from the public one.

During the SSL handshake, each computer generates a set of codes to encrypt information. From these codes, each computer creates two keys, one private key and one public key. Your computer keeps the private key secret, but it sends out the public key to the other computer, which uses that key to encode subsequent messages that only your computer can read. However, the public key cannot, be used to decode the message; only private key can decode the message.

These keys allow you and the other computer to lock and unlock information so that only the holder of the private key can read messages encrypted by the public key. Since only you and the other computer have a copy of your respective private keys, there is no way for anybody else to intercept and decode your messages.