Encrypted Website Payments—Public Key Cryptography

Microsoft .NET Framework, ASP.NET, Visual C# (CSharp, C Sharp, C-Sharp) Developer Training, Visual Studio

Public Key Cryptography

Public key cryptography is a common technology used to encrypt data that is sent from one place to another on the Internet and ensure that the identity of the sender is guaranteed. It works through the use of public keys and private keys, which are bits of data that are mathematically related to one another through an algorithm. Their relationship is such that the private key cannot be derived from knowing the public key. For public key cryptography to work, the private key must be kept confidential, while the public key can be made widely available.

The way in which public keys are distributed is inside of a digital certificate. A digital certificate is a file that contains a public key and information about the key, such as the name of the company that owns that public key, a certificate expiration date, and the name of a third-party company that has validated the authenticity of the certificate. This third party is referred to as a certificate authority (CA). Common CAs include VeriSign and Thawte. The CA signs the digital certificate, and certificate consumers can then validate the authenticity of the public key by using the public certificate of the CA to verify the digital signature.