Encryption is changing a message so that it can only be understood if the "key" is known (the science is Cryptography). It can be as trivial as substituting the next letter in the alphabet ("bmqibcfu" is the word "alphabet" encrypted in that trivial code), but that would quickly be figured out. A mathematical process involving a key that is 40 bits (about 12 digits) long was considered secure for a long time, but advances in computers made that code breakable with todays computers. A key that is 128 bits long is common today, and is not easily broken by today's fastest computers.
For centuries the key that was used to encrypt the message was also used to decrypt the message. The movies with a briefcase chained to a courier's body were usually the delivery of the key, not the message. Special devices and extraordinary steps (e.g. different people carrying different parts of the key) were used to be sure the key was not compromised.
In the last decade or two, a new type of cryptography has been invented. This involves two keys, sometimes called the private key and the public key. Anything encrypted with one key can be decrypted with the other. Although the keys are related when they are generated, it is practically impossible to compute one key from the other. The public key is published in directories, available to anyone. The private key is kept as a closely guarded secret.
If you want to send me a secret message, encrypt it with my public key, and I will be the only one that has my private key, thus can decrypt and read the message. This creates privacy.
If you want to be certain that a message is from me, I can encrypt it with my private key. When you can decrypt it with my public key, you know it must be from me. This creates non-repudiation - I can't claim that I never sent the message.
If I want both privacy and non-repudiation, a message can be encrypted multiple times - once with my private key (you know it is from me), and once with your public key (only you can read it). Of course, part of the message must not be encrypted - the address so it can be delivered, and who it is from, so you know what public key to use to read it.
Creating a pair of keys is easy - it is done automatically by many e-mail systems.
If certificates are free why would you want to pay?
Suppose you received an encrypted document and checked the certificate. You trusted that the document was authentic and acted on it. Later you found that the document was not true - the certificate was wrong. Because you acted on the false document (you trusted the certificate) you have a substantial financial loss.
Naturally you will expect the provider of the certificate that caused your loss to make you whole - to pay you for your loss. Especially in commercial transactions that may be worth millions. Banks may have the "deep pockets" to be able to reimburse you for losses caused by their errors. You may be willing to pay a modest fee to a certificate provider, such as a bank, who will cover your loss.
What if somebody else had a pair of keys, and published the public key as if it belonged to me? Suddenly they could be sending and receiving messages as if they were me. Therefore we need a trusted third party to manage the directory of public keys - to be sure that a given key really belongs to the person listed. Since I could send you my public key in e-mail, it is up to you to decide if you want to verify that the public key you have really belongs to me.
Trusted third parties provide a certificate that identifies the owner of a key. VeriSign is the primary provider of certificates (to about 4 million individuals), although banks and other financial service companies often say they will provide that service (for a fee). Major companies using systems that routinely encrypt mail, like Lotus Notes, normally provide the certificate for all it's users - their private key on their personal computers (in the Notes license file), and their public key in the directory.
What if I want to sign an electronic form, such as an application for insurance. How can I be sure that the form I have signed cannot be changed after I signed it?
A hash total or checksum can be taken of the relevant information, whether data or image. That hash total (sometimes called a thumbprint) is encrypted as part of my signature. When the signature is displayed, the thumbprint is computed again. If the value of the thumbprint is the same, the data is fine and the signature is displayed. If something has been changed, the thumbprint will be different, and the signature will be voided.
The flexibility of the thumbprint is great - for example, it can include the identity and condition of the applicant for life insurance, but not the agent (so that the agent information can be corrected without voiding the applicant's signature). The underwriter's approval signature might encompass the applicant's medical information and signature (so it can't be changed and re-signed after underwriting approval), but not the address (so that the address can be corrected). The public and private keys are between the signature collection device and signature reproduction device, so the applicant does not need to have an encryption key for this process.
Back to the home page
Send e-mail comments to
©2000 by Charles A. Plesums, Austin, Texas USA. ALL RIGHTS RESERVED. You may license additional copies of this document through a nominal royalty payment as specified on www.plesums.com.