Juergen's Linux Blog

By Juergen Haas, About.com Guide to Linux

Public Key Encryption and Digital Signatures

Friday October 24, 2008

If you are concerned about the privacy of your electronic documents and would like to make sure that only people who are authorized by you are actually able to read them, you have the option to use encryption.

Conventional methods of encryption use a so-called "key" to encrypt a document, and the person authorized to read it uses the same key to decrypt it so that it becomes readable again. This is fine as long as encryption and decryption are done in the same place and the key is not at risk of being exposed. To eliminate the risk of compromising the key while sending it to the people you want to be able to read your documents, mathematicians have devised a method in which the keys for encryption and decryption are different, and knowing the encryption key does not enable a person to decrypt a document.

That is, if you want to enable your friend to send you confidential documents, you give him or her a key for encryption and keep the corresponding key for decryption safely at your own site (for each "encryption key" there is a corresponding, mathematically related "decryption key"). In fact, you can make the encryption key public, so that anybody who wants to send you confidential documents can do so without first asking you for a key. That is why the encryption key is called the "public" key and the method is called "public key encryption".

So, if you want to enable your friend to send confidential documents to you, you need to provide him or her with a public key. If, on the other hand, you want to send confidential documents to your friend, you need to first acquire a public key from your friend. Of course, you can also use this method to store data in encrypted form so that unauthorized people have no use for the data if they get a hold of it for some reason. (Just make sure you don’t misplace your key!)

The significance of the public key encryption method becomes apparent when you consider the increasingly sensitive transactions executed on the internet every day by millions of people. Public key encryption enables anybody on the internet to transmit payment information, such as credit card numbers, and other confidential data securely: the web browser retrieves a public key from the vendor's web site and uses it to encrypt your information before sending it over the internet to the vendor, who then uses the corresponding private key for decryption. The private key is kept secure at one location and is never transmitted anywhere.

A popular Linux program for public key encryption (and for generating the public and private keys) is GnuPG, which stands for GNU Privacy Guard. GnuPG is free and open source and comes with most modern Linux distributions.

Public key encryption also forms the basis of methods for digitally signing electronic documents, such as those produced by OpenOffice.org. This is done using so-called digital certificates, which allow users to verify your electronic signature. A description of how to sign OpenOffice.org documents can be found here.
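The key-pair idea and the signature idea described above can be seen in a few lines of arithmetic. This is an added example, not part of the original post and not how GnuPG is implemented: it uses textbook RSA with no padding and small fixed primes, which is for illustration only and must not protect real data. All function names are hypothetical.

```python
import hashlib

# Constructed demo parameters: two known Mersenne primes and a common public
# exponent. A 150-bit modulus is far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Return (public, private): public is (e, n), private is (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # the mathematically related decryption exponent
    return (e, n), (d, n)

def encrypt(message: bytes, public) -> int:
    """Anyone holding the public key can do this."""
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key size")
    return pow(m, e, n)

def decrypt(ciphertext: int, private) -> bytes:
    """Only the holder of the private key can undo encrypt()."""
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(document: bytes, n: int) -> int:
    # Simplification: SHA-256 reduced modulo n so it fits the toy key.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private) -> int:
    """Signing uses the private key on a hash of the document."""
    d, n = private
    return pow(_digest(document, n), d, n)

def verify(document: bytes, signature: int, public) -> bool:
    """Anyone with the public key can check the signature."""
    e, n = public
    return pow(signature, e, n) == _digest(document, n)

if __name__ == "__main__":
    public, private = make_keypair()
    c = encrypt(b"meet at noon", public)      # constructed sample message
    print("ciphertext:", c)
    print("decrypted :", decrypt(c, private))
    sig = sign(b"contract v1", private)       # constructed sample document
    print("valid     :", verify(b"contract v1", sig, public))
    print("tampered  :", verify(b"contract v2", sig, public))
```
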
