Updated: July 11, 2020 (November 12, 2001)


How Public Key Technologies Work


To understand the benefits of PKI, it’s necessary to understand the basics of symmetric encryption, public key encryption, and digital signatures. (Also see the illustration “Cryptographic Operations”.)

Symmetric Encryption

Also known as shared-secret or secret-key encryption, symmetric encryption provides a way for two parties to exchange information and encode it so that it remains confidential, even if intercepted by a third party. Both parties know a secret “key,” which is really just a randomly generated, fixed-length sequence of bits. One side can use the secret key to scramble the data, called plaintext (although this is a misnomer—there is no requirement for it to be text at all; any series of bits will do) into an unreadable mess called ciphertext, then send the ciphertext to the other party. With his separate copy of the key, the recipient can turn it back into the original data.

The magic is in the mathematics of the encryption/decryption algorithms. Unlike most mathematical functions, which can be reverse engineered given a large enough set of inputs and results, these algorithms are mathematically impossible to solve for the key, even if one possesses both the plaintext and the resulting ciphertext. The only way to find the key is to try every possible key until one works, and this is prevented by making symmetric keys long enough that a brute-force attack is computationally infeasible: thousands of today’s computers would have to work for years just to crack one 128-bit key.
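The two paragraphs above can be checked with a short experiment. This is an added example, not part of the original article. It assumes a toy stream cipher built from SHA-256 as a stand-in for a real symmetric algorithm (the helper names are hypothetical), uses a deliberately tiny 16-bit key so the exhaustive search finishes, then extrapolates the measured search rate to longer keys.

```python
import hashlib
import secrets
import time

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def brute_force(plaintext: bytes, ciphertext: bytes, key_bits: int):
    """Known-plaintext exhaustive search: try every key until one reproduces the ciphertext."""
    key_len = (key_bits + 7) // 8
    for guess in range(2 ** key_bits):
        key = guess.to_bytes(key_len, "big")
        if keystream_xor(key, plaintext) == ciphertext:
            return key, guess + 1
    return None, 2 ** key_bits

def years_to_search(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to try every key of the given length at a measured rate."""
    return 2 ** key_bits / keys_per_second / (365 * 24 * 3600)

def demo() -> bool:
    message = b"constructed sample: wire 100 to account 42"
    # Deliberately tiny 16-bit shared key; real keys are 128 bits or longer.
    key = secrets.randbits(16).to_bytes(2, "big")
    ciphertext = keystream_xor(key, message)
    assert keystream_xor(key, ciphertext) == message  # the same key reverses it
    start = time.perf_counter()
    found, tries = brute_force(message, ciphertext, 16)
    rate = tries / (time.perf_counter() - start)
    print(f"recovered 16-bit key after {tries} tries ({rate:,.0f} keys/s)")
    for bits in (40, 56, 128):
        print(f"{bits}-bit key: {years_to_search(bits, rate):.3g} years at that rate")
    return found == key

if __name__ == "__main__":
    demo()
```

Each added key bit doubles the worst-case search time, which is why the 16-bit key falls in well under a second while the 128-bit figure printed by the script is astronomically large.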
