What is an RSA Key?
RSA (Rivest–Shamir–Adleman) is one of the first public key cryptosystems that uses public and private keys and is widely used for secure data transmission over the internet. In this public key cryptosystems, also known as asymmetric cryptography, we have two keys as follows:
- Public key used for encryption — to be shared with everyone.
- Private key used for decryption — must be kept secret.
Symmetic Cryptography: Unlike asymmetric cryptography, symmetric cryptography uses one single key for both encryption and decryption as well.
Asymmetric Cryptography — A Brief Introduction
Asymmetric cryptography, also known as public key cryptography, uses public and private keys to encrypt and decrypt data, i.e., a public key is used for encryption and a private key is used for decryption.
A public key is meant to be shared with everyone, and a private key is kept secret. Asymmetric keys have far better power in ensuring the security of information transmitted during communication, and they are widely adopted. With that said, in asymmetic cryptography, one key without another is useless.
Note: Asymmetric encryption takes relatively more time than the symmetric encryption.
Public key vs. Private key
The corresponding public and private keys are mathematically related to each other, i.e., whatever is encrypted with a public key can only be decrypted by its corresponding private key.
Security of the public key is not required because it is publicly available and can be passed over the internet. Note that the public key is embedded in the SSL certificate and the private key is stored on the server and kept secret.
For instance, if John wants to send sensitive data to Bob and wants to be sure that only Bob will be able to read it, he (John) will encrypt his data with Bob’s public key.
As corresponding public and private keys are related, the data encrypted with Bob’s public key can only be assessed by Bob’s corresponding private key. As only Bob has access to his private key, it is possible that only Bob can decrypt the encrypted data. Even if someone else gains access to the encrypted data, it will remain confidential as others should not have access to Bob’s private key.
Need for Digital Certificate
To use asymmetric encryption, there must be a way of discovering public keys. One typical technique is using digital certificates in a client-server model of communication. A certificate is an electronic document that consists of the following:
- Information about the holder’s (who owns the certificate) public key.
- Information about the identity of its owner (called the subject) — owner can be a user or a system name.
- Digital signature of an entity (called the issuer a.k.a. certificate authority) that has verified the certificate’s contents.
When a client wants to securely connect to a server, both start handshaking each other, where the server sends its certificate to the client. The client uses the certificate to identify the server and also extracts the server’s public key from the certificate as well. The client uses this public key to encrypt the data it sends over to the server. Once data is received at the server, it can be decrypted using the server’s private key.
