In traditional environments, encrypted information is sent
between parties that use the same key to encode and decode information.
This is called symmetric encryption. In
the case of the Internet, there is no way for one computer to send
the encryption key to another without risk of a third party stealing
the key and decoding subsequent communications. A method other than
symmetrical encryption is required to transmit the encryption key
securely on the Internet.
Public key cryptography was developed by Whitfield Diffie
and Martin Hellman. The Diffie-Hellman key agreement protocol was
published in 1976. It is also called asymmetric encryption because
it uses two keys instead of one key. The RSA algorithm is another
option for public key cryptography.
The solution is a system called public key cryptography or asymmetric
encryption, which uses two keys. One is a public
key and is usually available to anyone who wants it.
The other, a private key, is held by just
one party. Only the private key can decipher information that is
encrypted using the public key; it is impossible to decipher the
message using the public key. Similarly, only the private key can
create encrypted messages that are decipherable with the public
key. Because there can be only one public key for each private key,
and vice-versa, it is nearly impossible to impersonate the holder
of the private key. The two keys are mathematically related, but
in such a way that it is virtually impossible to derive the private
key from the public one.
During the SSL handshake, each computer generates a set of
codes to encrypt information. From these codes, each computer creates
two keys, one private key and one public key. Your computer keeps
the private key secret, but it sends out the public key to the other
computer, which uses that key to encode subsequent messages that
only your computer can read. However, the public key cannot, be
used to decode the message; only private key can decode the message.
These keys allow you and the other computer to lock and unlock
information so that only the holder of the private key can read
messages encrypted by the public key. Since only you and the other
computer have a copy of your respective private keys, there is no
way for anybody else to intercept and decode your messages.