Whenever we disclose any of our private information (or any type of info that might hamper our lives if it gets into the wrong hands) to an authority online , we always have second thoughts about how this whole communication network works and will it be able to keep our valuable information secure.
So to end this uncertainty to some extent, you’ll get to know how public key cryptography (Asymmetric cryptography) helps carrying out the exchange of our information over the internet securely in this article.
Whenever a lay man sees the word cryptography the things that comes first to his mind are complex algorithms, coding and deciphering etc. but here we will learn about the public key cryptography in a more simple way.
We can understand the working with an example where the data provided by the sender could be in the form of an email which is translated into an encryption using a public key which is publicly accessible, and decrypted through by the private key into the raw version of itself. Here the public key will only work with the private key associated with it and vice-versa.
So here we saw that whatever valuable information we passed over the email was not being hampered or accessed by any third party which does not have the private key.
Hence another query arises in our minds that how do we keep this private key secure and inaccessible to unwanted people, so now we’ll read about the methods to maintain the secrecy of the private key.
– The first thing to keep in mind before storing the private key is to consider it equivalent to your digital signature, as it is unique and could be generated just by ourselves.
– Steer clear of providing remote access of the key to any third party
– If you keep your private key accessible on any internet connected device, it could be a threat as it becomes easier for hackers and frauds to retrieve that key. Hence it should be stored in a hard drive token which is only locally accessible and password protected.
– Just like we double check our house lock before leaving and have multiple locks for the main entrance we must have a multi-factor authentication for our private key as well so that it’s well protected.
– Lastly, similar to back when we used to keep three back up pens in our bag before any exam just so if one stops working we have other options there should be a backup for the private key as well.
Now comes the question that how do we get to know which websites have the private key authentication and which do not, have you ever noticed the http and https which goes before the website address?, so the sites which have https are SSL certified.
SSL is the acronym for ‘Secure socket layer’ the basic agenda of a SSL certificate is to certify that the website on which we provide any kind of information is protected and secure. It is necessary as on a daily basis millions of us give away our personal information like contact number, age, address and most importantly bank account details just with a few taps.
It is unimaginable how catastrophic it would be if any unauthorised individual/authority gets access to that. This is where SSL comes into play where with the help of the above explained public key cryptography it protects the data exchange between us and the website.
Just imagine your best friend has asked you to keep your lips sealed at the cost of your very own friendship but the other day he/she gets to know that your whole gang knows about the secret she would obviously blame you as she trusted you with her secret while you’re just left astounded as you never spilled the secret. Turns out that there was a third person all along who was eavesdropping and heard your conversation and you were being blamed for everything.
In this whole scenario, you are the website, your best friend is a user, third person could be any hacker or fraud third party and the secret is the valuable data which the user provides the website and this is the exact reason why the SSL certification should be there from a valid certificate authority.
We live in a world where a colossal amount of data is transferred between several authorities on a daily basis but if this data is hampered or falls in the hands of a wrong person then the whole communication system might collapse, resulting into loss of funds, wrongful thefts or even invasion of privacy.
Other examples might include,
College going students who have their whole personal details in the central management system database online, where the faculties also upload the marks and attendance accordingly. If someday this data falls into the hands of a hacker they would have the ability to change a student’s whole academic report card by messing with their academic score and even attendance.
This problem we’re talking about is a very minuscule example of how dangerous it could get, what if it’s not the marks that are being hampered what if it’s the innocent citizen’s hard earned money ,the extent of effect it might have is unimaginable.
Hence, this article sums up how vital the public key encryption protocol is in our day to day lives whether we’re sending an important email to an employee/client or we’re shopping clothes using net banking, whether we’re making a Facebook account or we’re sharing our Geo-location with our family and friend sit is important that we feel secure at each and every step we take towards trusting the communication system.
This system of networks which has evolved tremendously over the past few years has also built it’s trust level among the users and it should not lose it’s integrity thus it is important that every one of us how this whole system works not necessarily deeply but conceptually.