
Asymmetric key algorithms can be used for encryption/decryption, digital signature, or both. They are described in the following sections in detail.

7.2.1 Encryption/Decryption

To encrypt a message, the sender uses the public key of the intended receiver. The resulting message cannot be decrypted by anyone who does not own the corresponding private key, so only the intended receiver, who holds that private key, can read it. Thus, it preserves the confidentiality of a message. An example of the encryption technique utilizing asymmetric key algorithms is illustrated in Figure 7.1. Let us assume that Alice and Bob are two parties who have decided to exchange their messages securely through non-secure communication media, like the Internet. They agree to use an asymmetric key algorithm. Therefore, each of them generates a pair of keys. One key is kept secret and the other is exchanged between them. After receiving the public key of the other party, each stores it in his or her public-key ring. If Bob wants to send a secret message to Alice, he must encrypt the message utilizing Alice’s public key. After receiving this message from Bob, Alice employs her private key to decrypt it. Similar procedures are followed to exchange messages from Alice to Bob.

7.2.2 Digital Signature

In many cases, along with the confidentiality of a message, it is also necessary to verify the identity of the sender. This can be done through a digital signature, which is an electronic signature generated through a mathematical scheme. There are three main reasons for applying a digital signature:

1. Authentication: Digital signatures are used to validate the source of a message. A receiver can make sure that the message has been sent from the valid user.

2. Nonrepudiation: A sender cannot deny the transmission of a message if it is digitally signed.

3. Integrity: It also preserves the integrity of a message by not allowing it to be altered in transit.

Figure 7.1 Encryption/decryption technique using asymmetric key algorithm. (Diagram: input plaintext, encryption algorithm (e.g., RSA) using Alice’s public key taken from Bob’s public key ring, transmitted ciphertext, decryption algorithm (e.g., RSA) using Alice’s private key, output plaintext.)

Asymmetric key algorithms can also be utilized to sign a message digitally. A sender’s private key is utilized to sign a message, which can then be verified by the receiver who has access to the sender’s public key. If the message is decrypted successfully, it proves that the sender had proper access to the private key, and is therefore likely to be the authenticated person associated with the public key. It also verifies that the message has not been altered, as a change in the encrypted message would result in a change in the message digest. Recalling the previous example, if Bob wants to digitally sign the message, he must employ his private key to encrypt that message. After receiving that message, if Alice can decrypt the message using Bob’s public key, she can be assured that the message was transmitted by a legitimate party.

This scenario is illustrated in Figure 7.2.

7.2.3 Encryption and Digital Signature

A message can be both encrypted and digitally signed at the same time by encrypting it twice with different keys and decrypting with their relevant keys. As mentioned in the previous sections, if two parties desire to exchange encrypted messages among themselves, the sender must encrypt a message with the public key of the receiver. Again, for digitally signing a message, the sender must encrypt the message with his or her private key. Therefore, whenever a sender wants both, he or she must encrypt a message with his or her private key (for digital signature), and then again encrypt that message using the receiver’s public key (for encryption). In this case, the sequence of encryptions needs to be maintained precisely to achieve the plaintext.

Figure 7.2 Digital signature using asymmetric key algorithm. (Diagram: input plaintext, encryption algorithm (e.g., RSA) using Bob’s private key, transmitted ciphertext, decryption algorithm (e.g., RSA) using Bob’s public key taken from Alice’s public key ring, output plaintext.)

On the other hand, after receiving this message, the receiver must decrypt it using the two relevant keys, following the encryption sequence. If the plaintext can be recovered after the decryption, the receiver can presume that the packet was received from a valid sender and the message is without any alteration. An example of such a technique is given in Figure 7.3.

A summary of the above discussions is given in Table 7.1.
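The three uses described in Sections 7.2.1 to 7.2.3 (the three rows of Table 7.1), as an added example that is not part of the original text: textbook RSA with tiny constructed primes, so that "encrypting" and "signing" are the same modular exponentiation under different keys. The key values and function names are assumptions for illustration; deployed systems sign a hash of the message with a padding scheme such as RSA-PSS and encrypt with RSA-OAEP rather than applying the raw operation.

```python
# Added illustration: textbook RSA, tiny constructed primes, no padding.
from math import gcd

def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) for distinct primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, value):
    """The one RSA operation, value^exponent mod n, for either key half."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)

# Constructed keys. Bob's modulus is the smaller one, so a value signed by
# Bob always fits under Alice's modulus when it is encrypted afterwards.
BOB_PUB, BOB_PRIV = make_keypair(61, 53)      # n = 3233
ALICE_PUB, ALICE_PRIV = make_keypair(89, 97)  # n = 8633

def encrypt_for(receiver_pub, m):
    """Row 1: confidentiality only."""
    return apply_key(receiver_pub, m)

def sign(sender_priv, m):
    """Row 2: origin and integrity only; any public-key holder can read m."""
    return apply_key(sender_priv, m)

def verify(sender_pub, m, signature):
    """Accept only if the sender's public key maps the signature back to m."""
    return apply_key(sender_pub, signature) == m

def sign_then_encrypt(sender_priv, receiver_pub, m):
    """Row 3: sender's private key first, then receiver's public key."""
    return apply_key(receiver_pub, apply_key(sender_priv, m))

def decrypt_then_verify(receiver_priv, sender_pub, c):
    """Undo row 3 in reverse: receiver's private key, then sender's public key."""
    return apply_key(sender_pub, apply_key(receiver_priv, c))

if __name__ == "__main__":
    m = 1234  # constructed message; must be below Bob's modulus
    c = sign_then_encrypt(BOB_PRIV, ALICE_PUB, m)
    print(c, decrypt_then_verify(ALICE_PRIV, BOB_PUB, c))
```

The range check in `apply_key` makes the ordering requirement concrete: a value produced under the larger modulus may not fit under the smaller one, so the keys must be applied in the stated sequence and undone in reverse.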

In the next two chapters, renowned algorithms—RSA and elliptic curve cryptography—will be discussed in detail with their relative operational methods and implementation.

Figure 7.3 Encryption/decryption and digital signature using asymmetric key algorithm. (Diagram, titled “Key Exchange Using Asymmetric Key Algorithm”: secret key, recipient’s public key, encrypted secret key, key transmitted, encrypted secret key, recipient’s private key, secret key.)

Table 7.1 Application of Asymmetric Key Algorithms

| Encryption technique | Encryption/decryption | Digital signature | Both |
|---|---|---|---|
| Encrypting using receiver’s public key | Yes | No | No |
| Encrypting using sender’s private key | No | Yes | No |
| Encrypting using sender’s private key and receiver’s public key | Yes | Yes | Yes |
