iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
Security Concepts
iTP Secure WebServer System Administrator’s Guide—523346-002
Public Key Systems
Public key cryptography can be used for both privacy (encryption) and authentication
(digital signatures).
Encryption
For encryption, public key systems work as follows: To send a private message to
Juliet, Romeo looks up Juliet's public key in a public directory. Using this public key, he
encrypts his message and then sends it to Juliet across a normal (nonsecure)
communications channel. Upon receiving Romeo’s message, Juliet uses her private
key, which is uniquely associated with her public key, to decrypt it.
Because only Juliet has access to her private key, no one else can decrypt Romeo’s
message. Hence, even if Capulet, Juliet’s father, intercepts Romeo’s message, he
cannot read it – unless he gains access to Juliet’s private key.
Session Keys
In practice, encrypting data with a public key system is computationally slow and
therefore expensive. Secret key systems, based on a technology such as the Data
Encryption Standard (DES), are much faster.
To save time, instead of encrypting his message with Juliet’s public key, Romeo could
generate a random key on the basis of a secret key technology, then use this key
(called a session key) to encrypt his message. After using Juliet’s public key to encrypt
his session key, Romeo would send Juliet both his encrypted message and the
encrypted session key. Upon receiving the encrypted message and key, Juliet would
Figure D-2. Public-Key Systems
[Figure labels: Romeo, Juliet, Key Pair, Public Key, Secret Key; plaintext A B C, ciphertext # % &]
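The session-key exchange described under Session Keys, as an added example that is not part of the original guide or of iTP Secure WebServer: Romeo encrypts the message with a random session key, wraps only that key with Juliet's public key, and Juliet reverses both steps. Assumptions: the names `seal` and `unseal` are hypothetical, the key pair is constructed from two known Mersenne primes, and unpadded RSA plus a SHA-256 keystream with HMAC stand in for the padded RSA and vetted secret-key cipher a real deployment would use.

```python
import hashlib
import hmac
import secrets

# Constructed demo key pair for Juliet, built from two known Mersenne primes so
# the block runs offline. Real keys use random primes and padded RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # Juliet's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # Juliet's private key

def _subkey(session_key, label):
    # Separate keys for encryption and integrity, both derived from the session key.
    return hashlib.sha256(label + session_key).digest()

def _keystream(key, nonce, length):
    # Toy SHA-256 counter-mode stream standing in for the fast secret-key cipher.
    blocks = (length + 31) // 32
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(blocks))
    return stream[:length]

def seal(message, n=N, e=E):
    """Romeo: encrypt under a fresh session key, then wrap that key for Juliet."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(message))
    body = bytes(m ^ s for m, s in zip(message, stream))
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + body, hashlib.sha256).digest()
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # the only public-key step
    return wrapped_key, nonce, body, tag

def unseal(envelope, n=N, d=D):
    """Juliet: recover the session key with her private key, then decrypt."""
    wrapped_key, nonce, body, tag = envelope
    k = pow(wrapped_key, d, n)
    if k >= 2**256:
        raise ValueError("wrapped session key did not decrypt to a 256-bit value")
    session_key = k.to_bytes(32, "big")
    expected = hmac.new(_subkey(session_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message or session key was altered in transit")
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

if __name__ == "__main__":
    envelope = seal(b"Meet me at the orchard wall tonight.")  # constructed sample message
    print(unseal(envelope).decode())
```

The public-key operation runs once per message on 32 bytes regardless of message length, which is where the time saving comes from.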