In this lesson, I'll discuss public key infrastructure. By the end of it, you'll be able to discuss how public key infrastructure works, explain how public key infrastructure is used to secure systems, and discuss how public key infrastructure is better than using shared passwords. Let's briefly talk about encryption for a second. There are two kinds of encryption. Symmetric encryption, which means that each party knows the same information. A good example of this is a password. So, hashing aside, if we want to secure a document, for example, like a Word document, all we have to do to secure that document is actually use a password and protect it. We use the Protect this file option within Word or any other Office product. However, the sender and receiver have to know that same password. Asymmetric encryption, each party just knows enough information, and specifically the public keys in order to decrypt that message or that file. Public key encryption, or public key infrastructure, is based off of mathematical functions. It uses public and private key pairs, in order to secure, encrypt, and decrypt messages. It needs some way of distributing the keys, however. So both the storage of the keys, the generating of the keys, and sharing that information back and forth is what makes up public key infrastructure. In the asymmetric encryption steps, the first step is the user generates a key pair, so public and private keys. This is usually done through software due to the key size. Anymore, the typical key size, depending on what kind of technology that you're using, is a 2048-bit key. The second step is each user then has to publish their public key in some way that the user can obtain it, the other user can obtain it, either sender or the receiver. So, each user keeps their private key, however, private. So in practical terms, if Bob wants to send a message to Alice, Bob encrypts the message with Alice's private key, I'm sorry, public key, and Bob's private key. When Alice receives the message, Alice decrypts the message with Bob's public key and Alice's private key. That way they don't know each other's secure password or private key. Public key encryption was first developed in 1976. It is a way to encrypt and decrypt without knowing the private secret, or key. The algorithm must be able to generate key pairs that must encrypt and decrypt. It must be computationally easy to produce key pairs, and also must be computationally easy to encrypt and decrypt messages. It has to be computationally impossible for anyone else to decrypt that message and must be computationally impossible to decrypt using only the public key by itself. Lastly, we must have a way to exchange those keys securely. Why is public key infrastructure so important? Well, it's important because it's a reverse function that allows the sender and receiver to only share a portion of the key pair, so in this instance, public keys. It is also very difficult to break because of the prime factorization that we use in order to make this all possible. The size of the key is important, so the smaller the key that we have, the easier it is to find prime factors that meet that requirement. So if we have a small key pair, let's say 512 bits, it's not as secure as something that has 2048-bit encryption. Most of the Internet actually started requiring, and the big certificate companies, actually started requiring a minimum of 2048-bit keys about three years ago. Public key infrastructure also covers both confidentiality and integrity in the CIA Triad. Let's quickly give an example of the RSA algorithm. This is the algorithm that was developed back in 1976. It's a relatively simple algorithm. So in order to encrypt, we have the cipher equals the message raised to a computational function e, modded with another function n. And then to decrypt, we take the message that was received equals the ciphertext to d which is another computation function modded with that n that was also communicated back and forth. So both the sender and receiver must know the values of both n and e. Only the receiver knows the value of d, which is the private key. The public key has to be known, so in order to computate that public key, we say public key equals e and n, and the private key is going to be private, which we compute as d and n. So for the first example, let's say our message m is just a letter, let's say the letter A. So A in ASCII is going to be the number 65. We need to select two prime numbers, so p is going to equal 61, and q is going to equal 53. These are both prime numbers. Remember, public/private key encryption has to revolve around prime factorization. So in order to calculate n, we take p times q. So in the case of p = 61 and q = 53, the two together equals 3,233. So then we calculate the relative prime for both e and select e based off of Euler's totient. So we'll pick 17 in this case, so the prime number has to be 17, based off of Euler's totient. In order to encrypt, we're going to take, the ciphertext is going to equal C = 65 raised to the 17th, modded by the product of p and q. So, our ciphertext is going to turn out to be 2,790 for the letter A. That's our ciphertext. So to decrypt that, we take 29, I'm sorry, 2,790, 2,790, raised to the 2,753rd, modded with the product of p and q, and we get 65. Remember, 65 was our actual message. So, all this is going to be displayed for you in some other readings so you understand how these algorithms actually work. So why do we actually want to use public and private keys? So in order to break it, you would have to brute force all private key combinations. So mathematically it's very difficult to break. You have to basically factor those primes. We have to take p and q and keep on computing those until we find one that actually matches. So, remember if we had a very small key pair, like 512 bits, it's going to be much easier to break than something that is 2048 bits long. There are other attacks out there, but they're difficult to exploit and may take years to decrypt the information.
