Cryptography. Not many people apart from computer geeks and mathematicians have heard of it, and even fewer know what it does, and what it is useful for. But today, cryptography is at the center of a raging debate between lawmakers, civil rights activists, and Big Business. At stake may be the future of business itself.
So what is it, then?
Cryptography is used for two things: encryption / decryption, and authentication. That is, it keeps your data private, and helps verify that it originated from you. It is a way to help control the ways in which you reveal yourself to the world. It is also a way to turn everything inside a computer, even a computer seized or stolen by experts, into an utterly scrambled gobbledygook that no one but the holder of the key can read. It is a swift, powerful, portable method of high-level computer security. Cryptography is potentially, perhaps, even a new form of information economics. This has applications in fields as diverse as email and electronic commerce.
Today, we will look at a particular kind of cryptography called Public Key Cryptography.
Encryption is the transformation of data into some unreadable form. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into some intelligible form.
Encryption and decryption require the use of some secret information, usually referred to as a key. Thus, you can keep your data private if you encrypt it, as only somebody who has the key will be able to decrypt it. You can then send your message over a public channel, such as the internet, in the confidence that only your recipient will see the actual message. However, this requires that the recipient has the key too. And if you send the key over a public channel, this defeats the purpose of security.
The concept of Public Key Cryptography was introduced in 1976 by Whitfield Diffie and Martin Hellman to address this problem. In this, encryption / decryption is performed using two keys instead of one. This is known as a public key / private key pair. These two are mathematically related, such that data encrypted with one key can only be decrypted by the other. In addition, it is computationally infeasible for an opponent to try and deduce a private key from a public key. Therefore, the problem of key management has been elegantly addressed. All you need to do is make your public key available to all and sundry, using any source available to you. People who then want to send you information in a secure fashion only have to encrypt it using your public key. It can then be decrypted only by you, using your private key. Thus, even if the encrypted message falls into the hands of some opponent in transit, your data is still secure.
Public Key Cryptography has yet another application, however: authentication. It works like this: You take a message which you want to tag as having come from you, and only you. The message is then put through a computation which produces a unique value called a _message digest_. The message digest is then encrypted with your PRIVATE key, and appended to the message. This is called a DIGITAL SIGNATURE. When the message reaches the recipient, he performs the same computation on the message to get the digest. He then decrypts the digital signature using your PUBLIC key (which you have made available), and compares the two. If they match, he then knows two things:
* the message has come from you, and only you.
* it has not been altered in transit.
The message has thus been authenticated.
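The two uses described above (encrypting to a recipient's public key, and signing a message digest with the sender's private key), as an added example that is not part of the original article. It is textbook RSA with a constructed toy key built from two publicly known Mersenne primes and no padding, so it shows the mechanics only; all function names are assumptions of this example.

```python
import hashlib

# Constructed toy key: two publicly known Mersenne primes. Real keys use
# secret random primes and a padding scheme (OAEP, PSS); this only
# illustrates the mechanics described in the text.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent: e*d = 1 mod phi(n)
    return (e, n), (d, n)

def apply_key(value, key):
    """The RSA operation: the same modular exponentiation for either key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def digest(message: bytes) -> int:
    """Message digest (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Encrypt the digest with the PRIVATE key: the digital signature."""
    return apply_key(digest(message), private_key)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Decrypt the signature with the PUBLIC key and compare the digests."""
    if not 0 <= signature < public_key[1]:
        return False
    return apply_key(signature, public_key) == digest(message)

def encrypt(message: bytes, public_key) -> int:
    return apply_key(int.from_bytes(message, "big"), public_key)

def decrypt(ciphertext: int, private_key) -> bytes:
    m = apply_key(ciphertext, private_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    public, private = make_keypair()
    order = b"Pay 100 to Bob"                        # constructed sample message
    sig = sign(order, private)
    print(verify(order, sig, public))                # True
    print(verify(b"Pay 900 to Bob", sig, public))    # False: altered in transit
    print(decrypt(encrypt(order, public), private))  # b'Pay 100 to Bob'
```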
The combination of these two (security and authentication) ensures that cryptography can lay the foundation of an e-commerce infrastructure.
More information on cryptography can be found at the following URLs:
http://www.enter.net/~chronos/cryptolog1.html
http://www.pgpi.com/
http://www.rsa.com/