Digital trust is the confidence that we have that we can use digital systems safely, and it underpins our entire digital economy. The basis for digital trust is today’s public key infrastructure (PKI) and the cryptography behind it. (If you don’t know what cryptography is, this resource will help.)
What is Public Key Infrastructure?
PKI is an umbrella term for the entire system that manages public key encryption (PKE), which secures almost every online connection we make. From online payments to email, it all uses PKE.
Fundamentally, PKE is a type of algorithm that includes both asymmetric encryption and digital signatures. It includes cryptographic keys (explained below), but it also includes a system that’s used to verify the identity of any connected device. That’s because the keys, as part of a digital certificate, are issued and registered to specific individuals or organizations by a trustworthy certificate authority (CA). The public key is part of the certificate file, which sits on the site’s server.
How Does PKI Work?
Public key encryption has two “keys”, which are linked pieces of data used by an algorithm to do one of the following pairs of operations:
- Encipher and decipher information.
- Sign and verify the signature on a document.
Here’s a quick example of how public key encryption is used to keep email secure:
If Alice wants to send an email to Bob, her computer encrypts the message using Bob’s public key. While the message is en route, it can’t be read by anyone else. Once the message arrives at Bob’s computer, his private key descrambles the message.
A private key can only be seen by the sender’s computer, but the public key can be given to any other computer. The two keys are tied together by a long string of numbers, but it’s currently impossible to reconstruct the private key from the public key.
Even a hacker with a room full of the most powerful supercomputers available can’t determine the public key and read the information in the email. Those computers would take a billion years to crack it through brute force (trying every possible combination of digits, one after another).
That’s why the cybercrimes you hear about today almost always involve either a loophole in software or human negligence in creating strong passwords.