Public Key Crypto Reminder
• Key pair: a secret (or private) key and a public key
• Simplified:
    • If you know the public key, you can decrypt data encrypted with the secret key
        • Usually an encrypted hash value over a published piece of information; the owner is the only person who can construct the secret. Hence this is a signature
    • If you know the secret key, you can decrypt data encrypted with the public key
        • The data is usually an encrypted key for a symmetric cipher
• PGP uses both, DNSSEC only uses signatures
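The two directions in the reminder above, as an added example that is not part of the original slides: textbook RSA without padding on a constructed key built from two publicly known Mersenne primes, with `xor_stream` as a hypothetical stand-in for the symmetric cipher. All function and variable names are assumptions of this example.

```python
import hashlib
import secrets

# Constructed toy key: two well-known Mersenne primes, so nothing here is
# actually secret. Textbook RSA without padding, for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # secret exponent (Python 3.8+)
RECORD = b"www.example.com. 3600 IN A 192.0.2.1"   # constructed sample data


def digest(message: bytes) -> int:
    """Hash of the published information, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Owner: 'encrypt' the hash with the secret key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone: 'decrypt' the signature with the public key, compare hashes."""
    return pow(signature, E, N) == digest(message)


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Hypothetical stand-in symmetric cipher: SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(plaintext: bytes) -> tuple:
    """Sender: encrypt a fresh symmetric key with the public key."""
    session_key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return wrapped, xor_stream(session_key, plaintext)


def open_sealed(wrapped: int, ciphertext: bytes) -> bytes:
    """Owner: recover the symmetric key with the secret key, then decrypt."""
    session_key = pow(wrapped, D, N).to_bytes(32, "big")
    return xor_stream(session_key, ciphertext)
```

`sign`/`verify` is the only direction DNSSEC uses; `seal`/`open_sealed` is the second direction that PGP adds.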
Public key cryptography theory is difficult. It's based on number theory, one of the finer branches of mathematics.
See e.g. http://www.ssh.fi/tech/crypto/algorithms.html for some introduction text.

Bruce Schneier, Applied Cryptography, 2nd edition (John Wiley & Sons, 1995) is a seminal work in the field.

Only for those who want to go into the details, search for these documents:
• DNSSEC signatures: see RFC 2536 (DSA) and RFC 2537 (RSA).
• The Digital Signature Standard (DSS) that is used in combination with DSA is described in Federal Information Processing Standards Publication 186 (FIPS 186).