Diff: PublicKeyEncryption

Differences between current version and revision by previous author of PublicKeyEncryption.


Newer page: version 6 Last edited on Saturday, February 28, 2009 5:31:57 pm by LawrenceDoliveiro
Older page: version 5 Last edited on Wednesday, March 24, 2004 8:52:32 am by AristotlePagaltzis
@@ -1,14 +1,16 @@
-Also known as public key [Cryptography], public key encrypton was introduced by Diffie and Hellman in 1976 , and popularised by the [RSA] algorithm two years later. 
+Also known as public key [Cryptography], the concept of public key encryption was thought up by Whitfield Diffie in 1975 , and proven by the [RSA] algorithm two years later. 
  
-Each person has a pair of keys, called the PublicKey and the PrivateKey. Each person's public key is published while the private key is kept secret . Data can be encrypted using the intended recipient's public key and then can only be decrypted using their private key. 
+Each person has a pair of keys, called the PublicKey and the PrivateKey. Each person's public key is published while the private key is never divulged to anyone . Data can be encrypted using the intended recipient's public key and then can only be decrypted using their private key.  
+  
+Note that, while the public key is not confidential, to be useful the recipient needs some assurance that it really came from the person it is supposed to have come from
  
 The need for sender and receiver to share secret information (keys) via some secure channel is eliminated: all communications involve only public keys, and no private key is ever transmitted or shared. 
  
 The system is successful because 
  
 # PKE is computationally difficult to decode. 
-# PKE does not require a secure channel to send the key; the key is, in fact, public. 
+# PKE does not require a secure channel to send the key; the key is, in fact, public. However, without assurances as to the authenticity of the public key, you leave yourself open to ManInTheMiddle attacks
 # PKE can be used as a basis of a personal (digital) signature so that the sender may always be identified. 
  
 If you encrypt something with the public key then it can be only decrypted with the private key, and vice versa. Given the public key, you can't deduce the private key, and __usually__ vice versa (although not always). Thus you publish you public key to the world, and everyone can send you encrypted email. (See [GPG]).
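
Review bot: The new authenticity note and the ManInTheMiddle caveat in list item 2 now sit beside the unchanged paragraph stating that the need for a secure channel "is eliminated", so the page contradicts itself; narrow that paragraph to say that no confidential channel is needed for the key, while an authenticated one still is. In the first line, changing 1976 to 1975 while keeping "two years later" shifts the implied RSA date by a year and drops Hellman, so please confirm both are intended, and "proven by" is less clear than the old "popularised by". Both added sentences (the "Note that" line and the ManInTheMiddle sentence) are missing their final full stop, and "really came from the person" would be more precise as "really belongs to the person". The unchanged last paragraph still reads "publish you public key".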