What is PKI and why do we need it? PKI stands for Public Key Infrastructure, which uses asymmetric encryption with a public and a private key to create an encrypted channel between two parties over a public medium.
Let’s see what that means. Bob and Alice want to communicate and exchange private information over the Internet. They are in a public environment: anyone with access to the networks their traffic is routed through can listen to every bit of their communication. As a solution they plan to encrypt their messages. With a secret key Alice can scramble her message and send it to Bob; when Bob receives it he can reassemble it using the same key, and vice versa. This is called symmetric encryption: the same key is used for scrambling and reassembling.
If you check the cipher suite that your connection to this website uses at this very moment, you will see something like TLS_RSA_WITH_AES_256_GCM_SHA256, where the symmetric algorithm used by you and OpenTechTips.com for encryption is shown after the key exchange method: the AES algorithm with a 256-bit block size. To put it simply, their messages are broken up into 256-bit blocks, and those are scrambled and reassembled with the 256-bit secret key they both know. Neat.
So far so good, but how do they agree on the secret key? They are in public, so anybody could intercept the secret key as well and decrypt their messages on the fly. So, what do they do? In theory they could use a different medium to exchange the encryption key, such as writing it down and posting it to the other, or agreeing on it over the phone, but doing so every time would be difficult. Not to mention all of their other friends they want to communicate with separately: somehow sending a secret key each time before they start to talk is just not feasible.
How can they agree on a secret key that they can use for the rest of their communication through the same internet line with so many potential eavesdroppers? What if there was a method that allowed Alice to encrypt her secret message that contains their future encryption key, but that special message could only be decrypted by Bob, nobody else, even if they intercepted Alice’s message?
This is where PKI comes into the picture. One of the most famous asymmetric algorithms is the RSA cipher, created by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977.
It is asymmetric because it accomplishes exactly the situation described above: it works with two keys, a public key and a private key. As the names suggest, the public key is accessible to everyone, so anyone can encrypt a message with it, but only Bob can decrypt the message, because the encryption process only works one way: the public key cannot be used for decryption.
In an over-simplified way, it is done by multiplying two very large prime numbers. The public key contains the resulting product, which is used to encrypt the message, and the message can only be decrypted by knowing the two initial prime numbers. In theory you could figure out what those numbers are, but that would take an incredibly long time, as the private keys are 1024 bits long, which makes the public key 2048 bits long.
One single private key is 309 decimal digits long, just imagine it!
Bob on the other end knows the two initial prime numbers; with those he can compute Alice’s original message, which contains the secret key for the AES256 channel they intend to set up to encrypt their actual communication.
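The key exchange described above, as an added example that is not part of the original article: textbook RSA in plain Python, where Bob publishes the product of two primes and Alice uses it to send him a 32-byte session key. The function names are hypothetical, 512-bit primes are the default so that it runs quickly, and the unpadded RSA shown here is for illustration only; real TLS stacks use a vetted library with padding.

```python
# Added illustration: textbook RSA key transport, standard library only.
# Unpadded RSA is NOT safe for real use; function names are hypothetical.
import math
import secrets

E = 65537  # widely used public exponent

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base proves n composite
    return True

def random_prime(bits):
    while True:
        # Set the top two bits (so p*q has exactly 2*bits bits) and the low bit.
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if math.gcd(c - 1, E) == 1 and is_probable_prime(c):
            return c

def bob_keygen(prime_bits=512):
    p, q = random_prime(prime_bits), random_prime(prime_bits)
    n = p * q                          # public modulus: safe to publish
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: needs p and q
    return (n, E), (n, d)

def alice_wrap(session_key, public_key):
    n, e = public_key
    return pow(int.from_bytes(session_key, "big"), e, n)

def bob_unwrap(ciphertext, private_key, key_len=32):
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(key_len, "big")
```

Calling bob_keygen(1024) produces the 2048-bit modulus size the article mentions, at the cost of a slower key generation.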
You might ask: why don’t they use PKI, that is, asymmetric encryption, for the whole communication, scrambling and reassembling their actual messages and not only the initial secret key?
It would be possible. However, because PKI uses such huge numbers, decryption is very costly for the computer even though Bob knows the numbers: it uses a lot of computing capacity and is slow, so using it all the way would slow their message exchange down a lot.