One way to share information over the Internet is via public-key cryptography. Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, while the public key may be widely distributed. The keys are related mathematically, but the private key cannot be practically derived from the public key. A message encrypted with the public key can be decrypted only with the corresponding private key.
The two main branches of public key cryptography are public key encryption and digital signatures. Public key encryption is where a message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. This method is used to ensure confidentiality. An analogy for public-key encryption is that of a locked mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot; however, only the person who possesses the key can open the mailbox and read the message.
Digital signatures is where a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This method is used to ensure authenticity. An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the seal authenticates the sender.
A central problem for public-key cryptography is proving that a public key is authentic, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public-key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs. Another approach, used by the software known as Pretty Good Privacy (PGP), is the “web of trust” method to ensure authenticity of key pairs.
Consumers are generating more and more content on the Internet every day. This content goes into thousands of distinct bulletin boards, blogs, and other social media applications. Unfortunately, the content of these Internet systems is not labeled with any canonical identity. So, despite public-key cryptography techniques, a user of one of these Internet systems may still not be able to associate accurately these data with anybody in particular.