Open in app

Sign in

Write

Sign in

Public key cryptography, Digital Certificates and Signatures, in Java

rizahorasan
4 min readOct 29, 2021

Short introduction …

In Public-key cryptography (a.k.a asymmetric cryptography) a pair of keys are used. Each pair consists of a public key and a private key. Public key and private key depend on each other and they are mathematically related. However, generation of the key pairs is subject to one-way functions. Hence, relation between the public and private keys are very hard (in the context of computational complexity theory) to find.

Effectiveness of a Public-key cryptography system depends on keeping the “the private key” private.

Digital Signatures are used for Authentication, Integrity and Non-repudiation. Assume that a private key is bound to a specific user. Then a validated signature means the signature (and the related message) is sent by the When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by the specific user.

Components in Public key cryptography …

Public Key: The public key may be freely distributed and it’s used in encryption process.

Private Key: Public Keys’s paired private key must remain secret and it’s used in decryption process.

Encryption: “In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Decryption: “Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext.

Relationship between public and private keys: “A public key system is so constructed that calculation of one key (the ‘private key’) is computationally infeasible from the other (the ‘public key’), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair.

Digital Certificate: Digital certificate (aka public key certificate, identity certificate) shows the owner of a public key. A certificate includes public key, owner and issuer information. Digital certificates used for distributing the public keys.

Hashing (hash function): “A cryptographic hash function is a hash function which takes an input (or ‘message’) and returns a fixed-size string of bytes. The string is called the ‘hash value’, ‘message digest’, ‘digital fingerprint’, ‘digest’ or ‘checksum’.

Signature: A digital signature is used for validating the sender of a message. Private key is used for generating the signature. A signature can be validated using a Public Key.

Implemented scenario in Java …

Once again Alice wants to talk to Bob in private over an un-secure environment.

Step 0: Alice and Bob are both known to the environment. They both know (can access) each other’s end point location and the public keys.

Step 1: Alice wants to talk to Bob in private.

Alice prepares a crypto package. The package includes

  • an encrypted message (the message is encrypted using Bob’ s Public Key by Alice).
  • a signature (the signature is generated using Alice’s Private Key by Alice)

Step 2: Alice gives this crypto package to environment. The environment is unsecure, this package can be reached by third parties. The environment forwards the package to Bob.

Step 3: Bob receives the crypto package.

  • Bob decrypts the message using his Private Key.
  • Bob verifies the signature using Alice’s Public Key.

How to run the application …

Run the main method in CryptoCommunicationExample as a Java Application.

You will get a console output like below.

STEP [0] -------------[alice]: I am known to the enviroment.[bob]: I am known to the enviroment.STEP [1] -------------[alice]: I want to send a secret message to bob[alice]: My secret message is: 1001_1002_1003[alice]: I will use bob's 'Public Key' to encrypt the message.[alice]: so I have downloaded bob's certificate from environment.[alice]: I want bob to verify that the message is really prepared and sent by me.[alice]: so I put a 'Signature' to the CryptoPackage. The 'Signature' is prepared using my own 'Private Key'.STEP [2] -------------[internet]: I received a call request from alice to bob[internet]: I know who 'bob' is[internet]: It is OK if third parties see the message.[internet]: The message is :  xxx (in encrypted form)[internet]: I have forwarded the call request to 'bob'.STEP [3] -------------[bob]: I have received a cryptoPackage from 'alice' (via 'internet')[bob]: I will decrypt the message using my own 'Private Key'[bob]: I am able to decrypt the message so I am sure that the message is sent to me.[bob]: However I am not sure if the message is sent by 'alice'[bob]: so I will verify the 'signature' using alice's 'Public Key'.[bob]: I will use alice's 'Public Key' to verify the signature.[bob]: so I have downloded alice's certificate from environment.[bob]: 'Signature' is valid. The message is sent from 'alice'---------alice sent:  1001_1002_1003bob received:  1001_1002_1003

You can find the implemention in GitHub.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

rizahorasan
rizahorasan

Written by rizahorasan

4 Followers
1 Following

software developer, software architect, software something.

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams