Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Public-key cryptography provides a way for users to securely exchange information. It also enables a host with other useful security techniques, including authentication (remote connections without the need to exchange sensitive information), digital signing (to provide document integrity), and nonrepudiation (someone cannot deny having sent a message).

Assume Bob and Alice want to exchange private encrypted messages over an unsecure system (like the Internet). They choose an encryption method that will make the messages unreadable to any person who happens to capture the transmissions. Bob encrypts the message using an encryption key. Alice must have this key to decrypt the message. Now, the basic problem: how does Bob get the key to Alice so she can decrypt the message? Bob could call Alice on the phone, but what if the phone line is tapped? Bob could send it via courier, but the key could be compromised. While this seems paranoid, consider that military communications are under constant scrutiny by attackers or foreign defense agencies. The same threat extends into the competitive corporate world and the financial world.

Traditionally, both the sender and receiver have already agreed on a key. Before leaving port, a submarine captain is handed a decoder book that will unscramble encrypted radio messages from home port. This is symmetric cryptography (both parties know the same secret key), and it is often referred to as secret-key cryptography. DES (Data Encryption Standard) is a common secret-key encryption. These single-key methods are described under "Cryptography."

But it is not always the case that parties who need to exchange messages know and/or trust each other or have previously exchanged keys. In 1976, Whitfield Diffie and Martin Hellman developed the concept of asymmetric public-key cryptography. In this scheme, a person uses a program to generate two keys. The keys are mathematically related through a special function that is very difficult to reverse. One key is kept private and the other is put in a public place, much like phone numbers are listed in a phone book. To send someone a private message, you look up their public key, encrypt the message, and send it to the owner of the key. The owner decrypts the message with their private key. Only the private key can decrypt messages encrypted with the public key. Therefore, the private key must be kept safe and secure.