Public Key Cryptography

[WinHost]

Your Web server's Secure Sockets Layer (SSL) security feature utilizes a technique known as public key encryption to shield the session key from interception during transmission.

Public key algorithms use two different keys, a public key and a private key. The private key is held privately by the owner of the key pair, and the public key can be distributed to anyone who requests it. If one key is used to encrypt a message, then the other key is required to decrypt the message.

Digital signatures and digital envelopes are produced using two different, but related processes. The process for creating a digital signature involves using the sender's private key, whereas the process for creating a digital envelope uses the intended recipient's public key.

Digital Signatures Authenticate Authorship

Digital signatures are used to confirm authorship, not to encrypt a message. The sender uses his or her private key to generate a digital signature string that is bundled with the message. Upon receipt of the message, the recipient uses the sender's public key to validate the signature. Because only the signer's public key can be used to validate the signature, the digital signature is proof that the message sender's identity is authentic.

Digital Envelopes Encrypt Messages

Digital envelopes are used to send private messages that can only be understood by a specific recipient. To create a digital envelope, the sender encrypts the message using the recipient's public key. The message can only be decrypted using the recipient's private key, so only the recipient will be able to understand the message.