Content deleted Content added
m fixed lint errors – missing end tag |
Reorder so digital signature comes first, since it is much more important and widely used in the real world than public-key encryption. |
Line 10:
2) Using Alice's public key, Bob can verify that Alice sent the message and that the message has not been modified.]]
'''Public-key cryptography''', or '''asymmetric cryptography''', is the field of [[cryptographic systems]] that use pairs of related keys. Each key pair consists of a '''public key''' and a corresponding '''private key'''.{{Ref RFC|4949|notes=no}}<ref>{{Cite journal |last1=Bernstein |first1=Daniel J. |last2=Lange |first2=Tanja |date=2017-09-14 |title=Post-quantum cryptography |url=http://www.nature.com/articles/nature23461 |journal=Nature |language=en |volume=549 |issue=7671 |pages=188–194 |doi=10.1038/nature23461 |pmid=28905891 |bibcode=2017Natur.549..188B |s2cid=4446249 |issn=0028-0836}}</ref> Key pairs are generated with [[cryptographic]] [[algorithms]] based on [[mathematical]] problems termed [[one-way function]]s. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.<ref>{{Cite book|url=https://books.google.com/books?id=Dam9zrViJjEC|title=Cryptography and Network Security: Principles and Practice|last=Stallings|first=William|date=3 May 1990|publisher=Prentice Hall|isbn=9780138690175|page=165|language=en}}</ref>
There are many kinds of public-key cryptosystems, with different security goals, including '''
Public key algorithms are fundamental security primitives in modern [[cryptosystem]]s, including applications and protocols that offer assurance of the confidentiality and authenticity of electronic communications and data storage. They underpin numerous Internet standards, such as [[Transport Layer Security|Transport Layer Security (TLS)]], [[SSH]], [[S/MIME]], and [[Pretty Good Privacy|PGP]]. Compared to [[symmetric cryptography]], public-key cryptography can be too slow for many purposes,<ref>
Line 32:
By contrast, in a public-key cryptosystem, the public keys can be disseminated widely and openly, and only the corresponding private keys need be kept secret.
The two best-known types of public key cryptography are '''
* In a '''[[digital signature]]''' system, a sender can use a private key together with a message to create a '''signature'''. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key.<ref name="hac-digsig">▼
{{cite book▼
|author1-last=Menezes |author1-first=Alfred J. |author1-link=Alfred Menezes▼
|author2-last=van Oorschot |author2-first=Paul C. |author2-link=Paul van Oorschot▼
|author3-last=Vanstone |author3-first=Scott A. |author3-link=Scott Vanstone▼
|title=Handbook of Applied Cryptography▼
|publisher=CRC Press▼
|date=October 1996▼
|isbn=0-8493-8523-7▼
|chapter=Chapter 8: Public-key encryption▼
|url=https://cacr.uwaterloo.ca/hac/about/chap11.pdf▼
|pages=425–488▼
|access-date=2022-10-08▼
}}</ref><ref name="djb-forgery">▼
{{cite book▼
|first=Daniel J. |last=Bernstein |author-link=Daniel J. Bernstein▼
|chapter=Protecting communications against forgery▼
|title=Algorithmic Number Theory▼
|publisher=MSRI Publications▼
|volume=44▼
|date=1 May 2008▼
|url=https://cr.yp.to/antiforgery/forgery-20080501.pdf▼
|access-date=2022-10-08▼
|at=§5: Public-key signatures, pp. 543–545▼
}}</ref><ref name="bellare-goldwasser2008digsigs">{{cite book▼
|title=Lecture Notes on Cryptography▼
|first1=Mihir▼
|last1=Bellare▼
|author-link1=Mihir Bellare▼
|first2=Shafi▼
|last2=Goldwasser▼
|author-link2=Shafi Goldwasser▼
|date=July 2008▼
|url=https://cseweb.ucsd.edu/~mihir/papers/gb.pdf#page=168▼
|chapter=Chapter 10: Digital signatures▼
|page=168▼
|access-date=2023-06-11▼
|archive-date=2022-04-20▼
|archive-url=https://web.archive.org/web/20220420003617/https://cseweb.ucsd.edu/~mihir/papers/gb.pdf#page=168▼
|url-status=live▼
}}</ref><p>For example, a software publisher can create a signature key pair and include the public key in software installed on computers. Later, the publisher can distribute an update to the software signed using the private key, and any computer receiving an update can confirm it is genuine by verifying the signature using the public key. As long as the software publisher keeps the private key secret, even if a forger can distribute malicious updates to computers, they cannot convince the computers that any malicious updates are genuine.</p>▼
* In a '''public-key encryption''' system, anyone with a public key can encrypt a message, yielding a '''ciphertext''', but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.<ref name="hac-pke">
{{cite book
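Review bot: The `hac-digsig` citation in the moved digital-signature bullet is internally inconsistent: `|chapter=Chapter 8: Public-key encryption` does not match `|url=https://cacr.uwaterloo.ca/hac/about/chap11.pdf`, and the reference is named and used for digital signatures. Since this edit relocates the block anyway, correct the `chapter` field so that it names the chapter the URL and `|pages=425–488` point to, rather than carrying the mismatch over to the new position.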
Line 130 ⟶ 171:
|access-date=2024-11-24
}}</ref>—it just conceals the content of the message.</p>
▲* In a '''[[digital signature]]''' system, a sender can use a private key together with a message to create a '''signature'''. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key.<ref name="hac-digsig">
▲{{cite book
▲ |author1-last=Menezes |author1-first=Alfred J. |author1-link=Alfred Menezes
▲ |author2-last=van Oorschot |author2-first=Paul C. |author2-link=Paul van Oorschot
▲ |author3-last=Vanstone |author3-first=Scott A. |author3-link=Scott Vanstone
▲ |title=Handbook of Applied Cryptography
▲ |publisher=CRC Press
▲ |date=October 1996
▲ |isbn=0-8493-8523-7
▲ |chapter=Chapter 8: Public-key encryption
▲ |url=https://cacr.uwaterloo.ca/hac/about/chap11.pdf
▲ |pages=425–488
▲ |access-date=2022-10-08
▲}}</ref><ref name="djb-forgery">
▲{{cite book
▲ |first=Daniel J. |last=Bernstein |author-link=Daniel J. Bernstein
▲ |chapter=Protecting communications against forgery
▲ |title=Algorithmic Number Theory
▲ |publisher=MSRI Publications
▲ |volume=44
▲ |date=1 May 2008
▲ |url=https://cr.yp.to/antiforgery/forgery-20080501.pdf
▲ |access-date=2022-10-08
▲ |at=§5: Public-key signatures, pp. 543–545
▲}}</ref><ref name="bellare-goldwasser2008digsigs">{{cite book
▲|title=Lecture Notes on Cryptography
▲|first1=Mihir
▲|last1=Bellare
▲|author-link1=Mihir Bellare
▲|first2=Shafi
▲|last2=Goldwasser
▲|author-link2=Shafi Goldwasser
▲|date=July 2008
▲|url=https://cseweb.ucsd.edu/~mihir/papers/gb.pdf#page=168
▲|chapter=Chapter 10: Digital signatures
▲|page=168
▲|access-date=2023-06-11
▲|archive-date=2022-04-20
▲|archive-url=https://web.archive.org/web/20220420003617/https://cseweb.ucsd.edu/~mihir/papers/gb.pdf#page=168
▲|url-status=live
▲}}</ref><p>For example, a software publisher can create a signature key pair and include the public key in software installed on computers. Later, the publisher can distribute an update to the software signed using the private key, and any computer receiving an update can confirm it is genuine by verifying the signature using the public key. As long as the software publisher keeps the private key secret, even if a forger can distribute malicious updates to computers, they cannot convince the computers that any malicious updates are genuine.</p>
One important issue is confidence/proof that a particular public key is authentic, i.e. that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by some (perhaps malicious) third party. There are several possible approaches, including:
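Review bot: The first sentence of the relocated bullet overstates the guarantee where it says a forger "cannot find any message/signature pair that will pass verification": every pair the key holder has already published passes verification and can simply be copied. Suggest wording it as the forger being unable to produce a valid signature for any message the key holder has not signed. The software-update example has the same gap, since an older, genuinely signed update still verifies, so the signature establishes origin but not that the update is the current one.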