Understanding the Purpose of Keys

  

The purpose of a key is to ensure that an encrypted message cannot be decrypted except by a selected group of users who have access to the secret and public keys. If keys are not used, any user who has access to the algorithm can decrypt the message. Figure 4-2 shows that only the cipher algorithm is needed.

Figure 4-2: Cipher without the key

The key gives a specific user the ability to decrypt the message, and it denies that ability to users who do not possess the key. See Figure 4-3 for a demonstration.

Figure 4-3: The key for decryption

Hackers have been known to break encryption without the key by trying a myriad of keys. The number of keys that must be tried depends on the size of the key. For example, if the key is 129 bits long, the key can have 2 ^ 129 possibilities, which is a very large number. Even though there are 2 ^ 129 possibilities, not all have to be tried before finding the bit stream that matches the key. If the key is all zeros, and the cracker starts at zero, the key will be found during the first iteration. For this reason, randomness is applied to the key to ensure that the key has an equal chance of appearing anywhere within the possibilities.

I have mentioned that the secret key is used for both encryption and decryption. The key pair consisting of a public key and private key uses the public key for decryption and the private key for encryption. When the key pair is generated, an association between the public key and private key is generated, so that only that specific public key will decrypt messages with that specific private key. The public key is distributed to users for decrypting the message. The private key is not for distribution but kept by the owner of the key to encrypt the messages. Figure 4-4 demonstrates the secret key, and Figure 4-5 demonstrates the key pair.

Figure 4-4: The secret key
Figure 4-5: The key pair

The key agreement is how the key is exchanged or distributed to a user so that he or she may decrypt the message or data. The key used for encryption, in most cases, should not be distributed unless there are no other choices. Sometimes the keys may also be used for digital signatures, but that is discussed in a later chapter. The secret key produces only one key for the encryption and decryption; a generic method (pseudocode, not Java code) to generate the ciphertext (the encrypted data) and the plaintext (the decrypted data) may look like Listing 4-1.

Cross-Reference  

Chapter 11 and Chapter 22 discuss digital signatures.

Listing 4-1: SecretKey cipher pseudocode
    CipherText = Encrypt_SecretKey(PlainText);
    PlainText = Decrypt_SecretKey(CipherText);
 

Listing 4-1 gives a pseudocode example of a secret key cipher. Pseudocode is a code-like example to describe functionality but is not specific to a programming language. The listing shows that the same secret key is used for both encrypting and decrypting the message. To understand the difference with the key pair, see Listing 4-2.

Listing 4-2: The key pair cipher pseudocode
    CipherText = Encrypt_PrivateKey(PlainText);
    PlainText = Decrypt_PublicKey(CipherText);
 

Listing 4-2 demonstrates the pseudocode for a key pair. The pseudocode demonstrates that the private key is used for encryption and the public key is used for decryption, but this is not always the case. Some algorithms, such as RSA (which is discussed later in this chapter), use the private key to decrypt and the public key to encrypt. Which key is required for encryption and which for decryption is algorithm-specific. The definition of the key pair is that there is a matching pair of keys, one public and one private. Here the term "matching" means that there is an association between the private key and public key. The public key will only work for the matching private key and vice versa. The only way that the association can be made between the public and private key is a mathematical association. Most cryptographers who work with the keying mechanisms and ciphers are mathematicians.

Tip  

Instead of the private key being released to the public, it is the result of the key - the ciphertext - that is released to the public.

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
