Public-key cryptography

To maintain secure communications between a client and host, public-key cryptography techniques are used for:

Unencrypted messages are known as plain text. Encoding the contents of a message is called encryption. This encrypted message is the cipher text. Decryption is the process of retrieving the plain text from the cipher text. A key is usually required to perform encryption and decryption. A CipherSuite defines the parameters and methods supported by both the client and server that perform the encryption and decryption.

Public-key encryption uses a pair of keys for encryption and decryption. One key is secret (the private key) and the other is distributed (the public key). You send your digitally signed public key (certificate) to anyone with whom you wish to communicate using encoded data.

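Messages that are sent to you are encrypted with your distributed public key and decrypted with your private key, so only you can read them. Messages sent by you are encrypted with your private key and decrypted with your distributed public key; because anyone who holds the public key can perform that decryption, this direction shows that the message came from you (a digital signature) rather than keeping it secret. RSA encryption is a widely used public-key encryption system.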
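The two directions described above, as an added example that is not part of the original page: textbook RSA in Python, showing encryption to the key owner and signing by the key owner. The key is a constructed toy value and the function names are assumptions made for illustration; there is no padding, so this is for study only.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes, trivially factorable.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                            # public modulus (distributed)
E = 65537                            # public exponent (distributed)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (kept secret)


def encrypt(plaintext: bytes, e: int = E, n: int = N) -> int:
    """Sender side: encrypt to the owner using the owner's public key."""
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, d: int = D, n: int = N) -> bytes:
    """Owner side: recover the plain text with the private key.
    Leading zero bytes are not preserved by this toy encoding."""
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest_int(message: bytes) -> int:
    """SHA-256 digest as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Owner side: apply the private key to the message digest."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone: undo the private-key operation with the public key and
    compare with a freshly computed digest."""
    return pow(signature, e, n) == digest_int(message)


if __name__ == "__main__":
    ct = encrypt(b"session key material")
    print("decrypted:", decrypt(ct))
    sig = sign(b"pay 10 to alice")
    print("genuine  :", verify(b"pay 10 to alice", sig))
    print("tampered :", verify(b"pay 99 to alice", sig))
```

Production systems use a vetted library with padding schemes such as OAEP for encryption and PSS for signatures instead of raw modular exponentiation.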

For more information on RSA and public-key encryption, see the RSA Web site.