Confidentiality is hiding information. Integrity is knowing identity. Public key encryption focuses on confidentiality of information transmitted over the internet.

The method discussed in the previous lesson, of having a secret key to encrypt and decrypt data, is that the two (or more) intended parties need to share a secret key. The problem is that the internet is not a safe place to transmit that secret key. You have to assume there are many hackers and eavesdroppers waiting to steal your secrets.

How do we overcome this problem?

Should companies like Amazon send a Fed-Ex package to you (and all their customers) containing a unique secret key? What if you lose your secret key?

Fortunately, companies like Amazon do not have to, thanks to the idea of public key encryption. Public key encryption was proposed by Whit Diffie, Martin Hellman and Ralph Merkle in 1976. The idea gained popularity because of its elegance.

Public key encryption is an asymmetric-key cryptosystem. Meaning, it does not rely on the same key to encrypt and decrypt the message. It has a public key that does not need to be secure. The public key is what goes out to the internet to encrypt data. The private key rests in the user’s computer, and it decrypts the data. These two keys have a mathematical relationship that is well understood, but very difficult to compute, if the key lengths are long enough.

Interestingly enough, public key encryption was initially met with rejection. However, as it became obvious of its elegance, it quickly became the standard.

It is not impossible to hack the mathematical relationship between the two keys. However, it’s extremely difficult to do, and requires vast amounts of computing power. Therefore, an entity such as the CIA, for example, could hack the relationship between the two keys if they really wanted to. This tell us that perfect security is really impossible, but public key encryption is accepted because there is simply not enough computing power that makes it practical to hack the cryptosystem. The only good method to hack it is brute force. As computing power increases, you can just increase the length of the keys.

#### Generating Public & Private Key Pairs

- You start by randomly selecting two very large prime numbers.
- You multiply those two numbers.
- A series of computational steps follow that generates the public and private pair.

The essence lies in the fact that finding the two random, very large prime numbers is akin to searching for a needle in a haystack.

Some functions are easy to work in both directions, but other functions, not so much.

For example:

*What are the factors of 55,124,159? That’s a hard question.*

*What do you multiply 7919 by to get 55,124,159? That’s an easy question.*

The receiver of a public key cryptosystem knows half the equation. The rest of the world does not. It is nearly impossible to decrypt without knowing this half of the equation. Not impossible, but nearly impossible.

Take for example, you want to buy something on Amazon. You will have to give Amazon your credit card information. Amazon has a public key and a private key. The public key goes out through the insecure internet and encrypts your credit card information, and then retrieves it back from the insecure internet.

You have to assume that eavesdroppers and hackers are out their stealing this information. However, that’s okay, because they don’t have the private key. They don’t have half of the equation to decrypt. For now, it’s also safe to assume they don’t possess the computing power to use the brute force required to decrypt it.

Amazon is in sole possession of their secret key. So, it is very easy for Amazon to decrypt your credit card information. They have half of the equation.

Keeping with this notion, you need a mini layer within the main network layers of the internet. This spawned a change to http. A Secure Sockets Layer (SSL), was nested between the transport and application layers of our network architecture.

This underscores the beauty of layered network architecture. No change was required to the layers below this new SSL mini layer. Further, there is really no danger in the fact that hackers can see your encrypted data.

As long as your computer does not have some type of malware, virus, or as long as Amazon does not let their data fall in the wrong hands, the public key cryptosystem works very well.

SSL is also known as Transport Layer Security (TSL) or HTTPS.

Do you see the difference between these two URLs?

*https://www.amazon.com* OR *http://www.amazon.com*

Never type in sensitive information, credit card numbers, or passwords on a page without the ‘https’ in the URL.

All of the concerns herein practically ensures the confidentiality of your information across the internet. The next part is to focus on how you can trust the integrity of who you are sharing the information with.