Chapter 11 Β· Public Key Infrastructure

Elena and the Key Problem

Elena, security architect at SecureBank, needs to allow 10,000 employees to send encrypted messages. A single shared key won't scale. She needs something more powerful.

The Suitcase Handcuffed to a Courier

In the old days, secure communication meant one thing: both sides had the same secret key. Movies showed couriers handcuffed to suitcases β€” the key physically delivered to both parties before any message could be exchanged.

For two people, this worked. Elena's predecessor had used exactly this system for a small team. One shared key. Everyone who needed to decrypt messages had a copy.

But Elena was building encryption for 10,000 employees. Each needed to communicate securely with each other and with external partners. The math was staggering: to give every pair of employees their own unique key, you'd need nearly 50 million keys. Distributing them, managing them, rotating them β€” impossible.

"Symmetric encryption is fast," she told her team. "But it doesn't scale. We need something different."

πŸ”‘ Symmetric EncryptionUses the SAME key to encrypt and decrypt (also called a secret key or shared secret). Fast and efficient, but has a fundamental problem: the key must be securely shared with every person who needs to decrypt. With many users, this becomes a massive scalability problem.

Asymmetric Encryption: Public and Private

Elena's solution was asymmetric encryption β€” a system using two mathematically related keys instead of one.

She generated a key pair for herself: a private key (kept absolutely secret, password-protected, stored locally) and a public key (posted publicly β€” on her email signature, the company directory, even her LinkedIn profile).

"Here's the magic," she explained. "Anyone with my public key can encrypt a message and send it to me. Only my private key can decrypt it. Not even the person who encrypted it can decrypt it with the public key."

Her analyst looked skeptical. "So my bank can post a public key everywhere, anyone can use it to send them encrypted data, but only the bank β€” with the private key β€” can read it?"

"Exactly. And critically β€” even though the public and private keys are mathematically related, you cannot derive the private key by looking at the public key. The math makes it computationally infeasible to reverse."

πŸ” Asymmetric EncryptionUses two mathematically related but different keys: a public key (anyone can have it) and a private key (only the owner). Encrypt with the public key β€” only the private key can decrypt. You CANNOT derive the private key from the public key. Slower than symmetric but solves the key distribution problem.

The Classic Example

Elena used the classic example to train her team: Alice and Bob.

Alice generates a key pair. She publishes her public key everywhere β€” it's freely available. Bob wants to send Alice a secret message: "You're hired, Alice."

Bob takes Alice's public key, encrypts the message, and sends the resulting ciphertext. Anyone who intercepts it β€” including Bob himself β€” cannot decrypt it. The only key that can decrypt it is Alice's private key, which only Alice has.

Alice receives the ciphertext, uses her private key, and decrypts it. "You're hired, Alice."

"Simple," Elena said. "One public key, shared with everyone. One private key, known only to Alice. No suitcase. No courier. No key distribution problem."

The team nodded. The scalability math had transformed: instead of needing a unique key for every pair, each person needed only one key pair. 10,000 employees = 10,000 key pairs. Manageable.

Fast and Secure β€” Pick Both

There was a catch. Asymmetric encryption was mathematically complex β€” much slower than symmetric encryption. Encrypting large files or high-volume data streams with asymmetric algorithms introduced unacceptable performance overhead.

"In practice," Elena explained, "we almost never use asymmetric encryption for the actual data. We use it to securely exchange a symmetric key β€” then use that symmetric key for the fast bulk encryption."

This was the hybrid model used in TLS, HTTPS, and VPNs: asymmetric for the handshake and key exchange, symmetric for the actual data. The best of both worlds.

Creating a Key Pair

Elena walked her team through key pair generation. The process involved extensive randomization and very large prime numbers β€” the mathematical foundation that made the relationship between keys strong but irreversible.

"For an individual like Alice," she said, "you generate your key pair once. It takes seconds. After that, you have your public key β€” post it everywhere β€” and your private key, which you protect with a strong password."

For the bank's servers, key generation happened through the Public Key Infrastructure β€” PKI. PKI was the broader ecosystem: policies, procedures, hardware, and software responsible for creating, distributing, managing, storing, and revoking digital certificates and their associated keys.

What If Someone Leaves?

An analyst raised a concern: "What happens when an employee leaves? If they encrypted files with their private key and then leave, we can't decrypt them anymore."

Elena nodded. "That's key escrow. In a corporate environment, the organization may hold a copy of private keys in a secure vault β€” the key escrow system β€” managed by a trusted third party or the organization itself."

"Isn't that dangerous?"

"It requires careful access controls. But the alternative β€” permanently losing access to encrypted corporate data when an employee leaves β€” is also dangerous. Government agencies sometimes require key escrow from partners to ensure they can always access data relevant to investigations."

Elena set up the bank's key escrow system: a Hardware Security Module vault, with access requiring multi-person authorization. Controversial β€” but necessary at enterprise scale.

βœ… The Core LessonSymmetric encryption: one shared key, fast, scalability problem. Asymmetric encryption: public/private key pair, slower, solves distribution. You cannot derive the private key from the public key. In practice: use asymmetric to exchange a symmetric key, then symmetric for bulk data. PKI is the infrastructure for managing certificates and keys. Key escrow stores private keys for enterprise recovery.