FAQ -- IDseal's Public Key Cryptography FAQ
- What is public key cryptography?
- What is a public and secret key pair?
- How does public key cryptography operate?
- What is a pass phrase?
- How do my public and secret keys relate to my email address?
- What happens if I lose my secret key?
What is public key cryptography?
Public key cryptography uses a key pair, a public key and a secret key,
to control encryption, decryption, and digital signature operations.
The public key can be distributed to anybody who wants to communicate
with you.
The secret key is to be kept secret, i.e., the owner of the key
is the only person who should have access to the secret key.
To provide an extra level of protection,
the secret key is protected by a pass phrase.
What is a public and secret key pair?
Each of the public and secret keys is a sequence of binary digits (bits).
The public and secret keys are related by a mathematical expression,
and that is why they are called a key pair.
It is mathematically intractable to derive
the secret key from the public key.
A message that is encrypted using a public key
can be decrypted only using the corresponding secret key.
Furthermore, a message that is signed using the secret key
can only be verified using the corresponding public key.
That is why they are usually called a key pair.
How does public key cryptography operate?
Public key cryptography can be used for encryption, decryption, digital signature insertion, and signature verification.
In the following example, let us suppose Bob has a public/secret key pair,
and that Bob has distributed his public key to Alice.
Suppose Alice wants to encrypt a message and send it to Bob
so that only Bob will be able to view the message.
Alice takes Bob's public key, and encrypts the message
using Bob's public key. The encrypted message is sent to Bob.
Upon receiving the encrypted message, Bob decrypts it using
Bob's own secret key. Since the message was encrypted
using Bob's public key, it requires Bob's secret key for decryption.
Since Bob keeps the secret key to himself, Bob is the only person
who will be able to decrypt the message.
Suppose Bob wants to digitally sign a message
so that anyone can verify that the message coming from Bob is authentic.
Using public key cryptography, Bob signs the message
using Bob's own secret key.
Since the message is signed with Bob's secret key,
Bob's public key is required to verify the signature.
When Alice receives a message from Bob, Alice can verify the
authenticity of the message using Bob's public key.
Once the signature is verified with Bob's public key,
Alice can be sure that the message came from Bob
because the message requires Bob's secret key for signing,
and Bob is the only person who has access to his own secret key.
It also means that if Alice can verify a message using Bob's public key,
then Bob cannot deny that he had signed the message because
Bob is the only person who can sign it with his own secret key.
It is important to note that since signature verification
only requires Bob's public key,
any person will be able to verify the message
to determine if it is authentic or not.
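The two exchanges described above, written out with Node.js's built-in `crypto` module. This is an added example, not IDseal's own code; the choice of RSA-2048 with OAEP padding and SHA-256, the function names, and the sample messages are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Bob's key pair. RSA-2048 is an assumption of this example.
const bob = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// A second, unrelated key pair, used to show that the wrong key fails.
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Alice encrypts with Bob's PUBLIC key.
function encryptFor(publicKey, text) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(text, 'utf8'));
}

// Decryption needs the matching SECRET key; returns null if the key does not match.
function decryptWith(secretKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: secretKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Bob signs with his SECRET key.
function signAs(secretKey, text) {
  return crypto.sign('sha256', Buffer.from(text, 'utf8'), secretKey);
}

// Anyone holding Bob's PUBLIC key can verify; no secret is needed.
function verifyFrom(publicKey, text, signature) {
  return crypto.verify('sha256', Buffer.from(text, 'utf8'), publicKey, signature);
}

// Constructed sample messages.
const ciphertext = encryptFor(bob.publicKey, 'Meet at noon');
const signature = signAs(bob.privateKey, 'Pay Alice 10');

console.log({
  bobDecrypts: decryptWith(bob.privateKey, ciphertext),
  otherKeyDecrypts: decryptWith(other.privateKey, ciphertext),
  genuineVerifies: verifyFrom(bob.publicKey, 'Pay Alice 10', signature),
  alteredVerifies: verifyFrom(bob.publicKey, 'Pay Alice 1000', signature),
});
```

Changing a single character of the signed message, or checking it against a different public key, makes verification return false.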
What is a pass phrase?
From the previous question,
How does public key cryptography operate?,
we can clearly see the importance of keeping the secret key secret.
In practice, the secret key consists of a string of numbers
stored on a computer.
To offer an extra level of protection, the secret key is protected
using a pass phrase, much like a password.
Whenever the secret key is used, the cryptographic software
will prompt the user to enter the pass phrase.
If the pass phrase is correct, the cryptographic operation
continues. Otherwise, it will stop.
Note that the pass phrase is called a "pass phrase"
rather than a "password".
Historically, this term is used to encourage users to use
long phrases (which can include spaces) rather than a short word.
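How a pass phrase gates use of the secret key, as an added example using Node.js's built-in `crypto` module (not IDseal's own code). The RSA-2048 key, the AES-256-CBC encryption of the stored key, the function names, and the sample pass phrase are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// Generate a key pair whose secret key is stored only in encrypted form,
// locked under the pass phrase.
function generateProtectedKeyPair(passPhrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: passPhrase,
    },
  });
}

// Unlock the stored secret key; returns null when the pass phrase is wrong.
function unlockSecretKey(encryptedPem, passPhrase) {
  try {
    return crypto.createPrivateKey({ key: encryptedPem, format: 'pem', passphrase: passPhrase });
  } catch (err) {
    return null;
  }
}

// Every use of the secret key goes through the pass phrase check first.
function signWithPassPhrase(encryptedPem, passPhrase, text) {
  const secretKey = unlockSecretKey(encryptedPem, passPhrase);
  if (secretKey === null) return null; // wrong pass phrase: the operation stops
  return crypto.sign('sha256', Buffer.from(text, 'utf8'), secretKey);
}

// Constructed sample pass phrase and message.
const PASS_PHRASE = 'four quiet herons crossing the marsh';
const keys = generateProtectedKeyPair(PASS_PHRASE);
const goodSig = signWithPassPhrase(keys.privateKey, PASS_PHRASE, 'hello');
const badSig = signWithPassPhrase(keys.privateKey, 'wrong phrase', 'hello');

console.log({
  storedAs: keys.privateKey.split('\n')[0],
  signedWithCorrectPhrase: goodSig !== null,
  signedWithWrongPhrase: badSig !== null,
});
```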
How do my public and secret keys relate to my email address?
A public key and a secret key can be related to
a person using an email address.
This is actually the way our system works,
i.e., our software is designed to use an email address
as the link between a person and his/her key pair.
Since a person can have multiple email addresses,
it is possible to associate multiple email addresses
with the same key pair.
The IDseal system provides a very simple mechanism to
edit the email addresses that are associated with a key pair.
Note that a person can only change the email address association
for his/her own key pair, as this is a security requirement.
What happens if I lose my secret key?
If the secret key is lost,
there is no way to recover it.
That also means you will lose the ability to decrypt the messages
that were encrypted using your public key.
There is no remedy for this situation.
Similarly, if you forget your pass phrase, there is also
no way to recover it.
As a practical matter, we strongly recommend that you
make a backup copy of your public/secret key pair
on removable media such as a removable disk or a floppy disk.
Also, you should write down your pass phrase somewhere,
either on a piece of paper or in a computer file on
removable media.
Then you should put the removable media in a very, very safe place,
such as in a safe deposit box in a bank.
In the unfortunate case that you actually lose
your public/secret key pair and/or your pass phrase,
you will need to generate a new key pair.
This means you will need to redistribute your public key
to people who want or need to communicate with you.
As you can see, this is very, very inconvenient at best.
So you really should take precautions to back up your key pair
and store it safely.
To back up your key, please read
How do I backup my key pair?