Public Key Cryptography


In public key cryptography systems such as RSA, each user has a key pair consisting of a public key and a private key. Anything encrypted with one of the keys can be decrypted only with the other. A signature is formed when data is encrypted with the user's private key; the receiver verifies the signature by decrypting it with the sender's public key.

Because the message could be decrypted with the sender's public key, only the holder of the matching private key could have created it. This process relies on the receiver having a copy of the sender's public key and knowing with a high degree of certainty that it really belongs to the sender, and not to someone pretending to be the sender.
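As an added example that is not part of the original page, the following pure-Python textbook RSA shows the relationship described above: a signature produced with the private key verifies with the matching public key, fails when the data changes, and fails against another party's public key. The primes, key names (Alice, Mallory) and message are constructed for the demo.

```python
import hashlib
from math import gcd

# Added example (not from the original page): textbook RSA signing with
# small, constructed primes to show the sign-with-private / verify-with-
# public relationship. Real deployments use 2048-bit or larger keys,
# a padding scheme (PSS or PKCS#1 v1.5) and a vetted crypto library.

def make_keypair(p, q, e=65537):
    """Build an RSA key pair from two primes p and q (constructed inputs)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)          # (public key, private key)

def digest_int(message, n):
    """Hash the message and reduce it to an integer below the modulus n."""
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % n

def sign(private_key, message):
    """'Encrypt' the message digest with the private exponent d."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)

def verify(public_key, message, signature):
    """'Decrypt' the signature with the public exponent e and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)

# Constructed demo keys: Alice is the legitimate signer, Mallory an impostor.
ALICE_PUB, ALICE_PRIV = make_keypair(1000003, 1000033)
MALLORY_PUB, MALLORY_PRIV = make_keypair(1000037, 1000039)

def demo():
    """Return the three verification outcomes the text implies."""
    msg = b"transfer 100 to bob"
    sig = sign(ALICE_PRIV, msg)
    return {
        "genuine": verify(ALICE_PUB, msg, sig),          # matching key: True
        "tampered": verify(ALICE_PUB, msg + b"0", sig),  # data changed: False
        "wrong_key": verify(MALLORY_PUB, msg, sig),      # impostor's key: False
    }

if __name__ == "__main__":
    print(demo())
```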

A certificate authority (CA) addresses this by signing certificates that bind a public key to the identity of its owner. In order to validate the CA's signature, the receiver has to know the CA's public key. Normally this is handled out-of-band or through an operation done at installation. For instance, most web browsers are configured with the public keys of several CAs by default.

On private networks, the router or firewall uses IKE (Internet Key Exchange) to handle digital signatures.
