Encrypted data transfer between computer processors via the internet is widely used to exchange sensitive data among enterprise partners and for other uses. Symmetric and asymmetric encryption techniques are both used.
Symmetric encryption techniques utilize a single encryption key value to both encrypt and decrypt data. Accordingly, both a sender and a receiver must have possession of the symmetric key to implement secure data delivery.
Asymmetric encryption techniques utilize a pair of key values called the private key and the public key. Each key in the pair can decrypt date encrypted by the other key in the pair. Typically the public key is distributed to intended receivers and the private key is kept in the possession of the sender.
All public key holders may decrypt a message encrypted by the sender using the private key. This assures the public key holder that only a person in possession of the private key could have encrypted the message. Further, the holders of public keys can use the public key to encrypt private messages that can only be decrypted using the private key.
Another use of asymmetric encryption is to digitally sign a document to assure the receiver that the data originated with the holder of the private key and has not been changed. The document is hashed into a small field of data called the message digest. The message digest is then encrypted with the private key into a signature for the data and sent along with the unencrypted document to the receiver. The receiver uses the public key to decrypt the signature to obtain the message digest thereby assuring that the message was sent by the holder of the private key. The receiver then hashes the received unencrypted document into a message digest. If the two message digests are the same then the data has not been changed.
Encryption using a symmetric algorithm is faster than using an asymmetric algorithm. However, a major problem is distribution of the single symmetric key value to multiple parties. Using an asymmetric encryption scheme greatly reduces the number of keys required and the problem of key distribution.
PGP (Pretty Good Protection) is a hybrid symmetric/asymmetric technique that eliminates the problems and utilizes the benefits of both systems. In PGP a symmetric PGP session key is generated that will be used only for the current session. The PGP session key is a random number generated by a processor in response to user input such as mouse movements or keystrokes.
The sender and receiver use a pair of PGP asymmetric public/private encryption keys to encrypt and decrypt the symmetric PGP session key. At the sender, the symmetric PGP session key is encrypted using the PGP asymmetric public key and transmitted to the receiver in a PGP header packet. The message text is then encrypted using the session key and stored in I/O memory as encrypted text. The encrypted text is then transmitted to the receiver.
At the receiver, the encrypted text is stored in I/O memory. The encrypted symmetric PGP session key is decrypted using the PGP asymmetric private key. The decrypted PGP session key is then used to decrypt the encrypted text stored in I/O memory.