Public Key Encryption

Public Key Encryption (PKE) can make you a much harder target …. but it may not protect you.

PKE is a very strong form of encryption called PGP (Pretty Good Privacy) with an open source version GPG (Gnu Privacy Guard).

Assuming you keep your private key safe with a strong password, it is difficult to crack and takes a long time even with a lot of resources thrown at it.

Let’s say you and I are going to use this form of encryption to communicate. We can use it across email, voice, chat, documents. It will secure the contents but not the header information (metadata) or in the case of an email subject line. That is, it will not secure information identifying that you have sent an email, the subject of that email, who it was sent from and who it’s being sent to over the internet.

An attacker can use this information to target your machine or device with, for example, a malware attack, and gain direct access to your keys. With this access, the attacker can see and do what you see and do. This is the Gotcha!.

The way it works is that we both have a public key known to everyone. I take your public key, you take mine. I send you something locked with your public key, so you can open it with your matching private key and vice versa.

That private key, however is stored by you on a digital key ring on your computer or another device like a USB that you will plug into your computer. An attacker can access these files with a password.

If an attacker has access to your computer, they could potentially see anything plugged into or connected to your computer as well. With this level of access, they will have access to your passwords and private digital keys, and so they can access your encrypted files.

Adapted from Ernst (2013)

See also encryption.

Leave a Reply

Your email address will not be published. Required fields are marked *