• How public key encryption works? A basic overview worth knowing

    Living in the 19th year of the 21st century, we all know how precious our data is, and that is the reason, bad guys on the internet are constantly trying to intercept the things we do online, just to collect some data about us, and exploit the same. But the good guys, on the other hand, are always trying to be one step forward to provide us the much-deserved data security. One of the most common terms, which we come across while talking about security is end-to-end encryption and private and public keys. Are those some physical keys, which we carry around in our pockets to keep our data secure? I will discuss that today in this article.

    Well, answering the first question, public and private keys are obviously not physical keys, but yes, we carry them in our pocket, bag, or any other suitable cool corners, where our lovable electronics travel with us. Before discussing how end-to-end encryption works, or what the heck, public and private keys are, I will also discuss how data travels through a network, and the simplest form of encryption, which used to be prevalent, maybe a decade ago, or is still prevalent in some outdated places, which you should never dare peeping into. So let’s get started with the simplest form of encryption, and the reason, why we need something like encryption while transmitting our data through the internet.

    Data transmission through the internet

    Whenever we want to send some data through the internet, the data is broken into multiple packets, headers are attached to it, and it is only after that, it is sent through the network. After the data packets reach the recipient, the packets are then appended in the correct order as per the headers, which at the end of the day, help the recipient understand, what the sender wanted to say. We all might stick to the internet all throughout the day, but it isn’t a safe place. Sorry for sounding a little negative. But whenever we are sending some message, the internet is by far the easiest channel to get our message conveyed. When we are sending our data through the internet, the data bounces on different places, and there is every possibility, the bad guys out there might intercept those packages from those points, and boom! Our private message is no longer private. So it is where we need some encryption.

    Using the term message here, I didn’t mean only those messages we all send on Snapchat, WhatsApp or Facebook. Even the pages we visit, and the payment information we send before purchasing that shiny new dress, are all sent through the internet in form of messages. So, using the term messages, I meant all kinds of data, which is sent from a terminal computer to the internet.


    The simplest form of encryption

    Before moving on to how public and private key encryption and decryption work, let’s peep into the simplest implementation of encryption.

    In the simplest form of encryption, the message is first passed through an algorithm where it is encrypted using a key, which is then sent through the internet to the recipient, where it is decrypted using the same key to get back the plain text or the actual message. This encryption method is also called symmetric encryption as the same key is used for both encryption and decryption.

    How public key encryption works A basic overview worth knowing.

    The problem is that the symmetric key used for encryption needs to be sent through the internet either from the sender’s end or from a centralized server. Chances are there, the key can be intercepted by the hackers sitting somewhere between the sender and the receiver. Once that is done, decrypting the messages sent between the sender and receiver or delivering fake messages to one of the users will just be a piece of cake. Eventually, this makes the system vulnerable to the bad guys who are hungry to peep into what exactly we are doing on the internet.

    Encryption using private and public keys

    Encryption and decryption using public and private keys is the hot cake in today’s world, where security is a big question. End-to-end encryption, which is based on private and public keys use a different and more secure way to encrypt and decrypt data.

    Here each user has a public key, which is known to everybody, who want to send packets to the recipient from time to time. There is also a private key, which is kept secret at the recipient’s end. This key is not known to anybody except the particular individual. This private key is generated with the help of some algorithm present within the system itself, and thus, it is not necessary at all to send the same across the network.

    Now, whenever a sender wants to send a message to the recipient, the sender encrypts the message using the public key of the recipient and is then sent through the network, which is the internet in this case.

    Now once the encrypted message reaches the recipient, the recipient will have to decrypt the message using both the public key and the private key. Though the message was encrypted using the public key, the same cannot be decrypted only with the public key though. Making the private key an elementary requirement for decryption eventually make the system a lot more secure. The public and private keys are different in this case, and thus the encryption algorithm is said to be asymmetric.


    Why this is secure?

    Though the public key is known to all the persons concerned, the public key can only be used to encrypt the message. If some eavesdropper intercepts the message from somewhere between the sender and the receiver and decrypts the same using the public key, which is known to everyone, the message will not have any sense, as it’s intended to be decrypted using both the public as well as the private key.

    This dramatically improves the level of security as the private key is meant to stay only with the recipient, and do not need to be transmitted to the sender. As long as the device or the software is not compromised, chances are hardly there, the private key will be leaked to unsafe hands.

    WhatsApp’s end-to-end encryption-An example

    When it comes to end-to-end encryption, the first thing which comes in a layman’s mind is WhatsApp. WhatsApp is one among those cross-platform messaging applications which provide end-to-end encryption, making it technically impossible for interceptors or even WhatsApp to track, what exactly we are sending to our mates on the platform.

    Just like the way, end-to-end encryption work, the sender encrypts the message (which also include multimedia elements) into a ciphertext with the public key of the recipient and then sent. The message then reaches the WhatsApp servers, which is eventually delivered to the recipient, who is supposed to see the message. The recipient will then use both the public and private key to decrypt the message and read or view the contents of it.

    The message is obviously sent through the WhatsApp servers. But don’t worry if you doubt the company is storing the same on its servers as they will not be able to make any sense out of it. The reason is pretty simple. To make any sense out of the message or to decrypt the same, both the public and private key needs to be used, and the private key is never supposed to be sent over the network under any circumstances.

    WhatsApp also uses separate keys to encrypt individual messages making it more complicated, or nearly impossible to decrypt the messages by any unauthorized person. Though separate keys are used for every single message, the thing is based on the same principle. Explaining how exactly the WhatsApp encryption system works is not possible here as there is a lot of technical jargon associated with it.

    Other applications of end-to-end encryption work in a pretty similar way with some major or minor modifications. HTTPS, the secure version of HTTP also work in a pretty similar way, but there is an additional session key, which makes HTTPS even more secure.

    That was a basic overview of public key encryption. The better the algorithm, tougher it will be to decrypt the message, and more processing power will be required for the same. In cryptocurrency mining, very complex algorithms are implemented making it require high-end GPUs to execute those algorithms.

    Hope the information was interesting to you. Do you want to say something? Feel free to comment it down below.

    See more:

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.