What is Public Key Cryptography?
Cryptography is the science of secrecy. Cryptographers design secure communication systems, and encryption is their most important tool. Simply put, encryption scrambles messages so they can’t be read. You start with a message called the plaintext and convert it to nonsense, which is called the ciphertext. Decrypting reverses the process, converting ciphertext back into readable plaintext.
Symmetric encryption is the most familiar type. You need two things to encrypt a message: a key and an encryption algorithm. The key is a string of letters and numbers. The algorithm is a set of instructions for combining the key with the plaintext to create the ciphertext. To decrypt the message, you give the same key and the ciphertext to a related algorithm, and it spits out the plaintext. Only someone with the key can decrypt the message.
For symmetric encryption to work, the sender and recipient have to share a secret, the key. But what if you want to encrypt a message where there is no shared secret? This is a common need on the internet. For example, I want to send a secret message to a friend. I can encrypt it, but how do I get the key to them? I can’t just send it over the internet because someone spying on my connection could intercept it and decrypt the message too.
The solution is public-key cryptography, which is also called asymmetric encryption. With public-key cryptography, we use two keys, a public key and a private key. Only the private key can decrypt messages encrypted with the public key. Only the public key can decrypt messages encrypted with the private key.
When I want to send a secret message to my friend, I ask them to send me their public key. I use it to encrypt the message and send them the ciphertext. They use their private key to decrypt it. Provided they keep the private key secret, anyone with the public key can send a message only they can read.
Public key cryptography has two significant consequences. The first is that there are no shared secrets. The second is that the person with the private key can prove who they are by decrypting a message. If I encrypt a message that says “hello” with a person’s public key, and they tell me, “You said hello, ” I can be certain they have the private key. It might not be obvious why that matters yet, but it’s the foundation of online security, including HTTPS encryption and SSH keys.
SSH Keys: SSH Authentication with Public Key Cryptography
SSH key authentication uses the mechanism we just described to verify your identity when you want to log in to your server.
It works like this:
- You create a pair of keys, one public and one private. You upload the public key to the server, and you keep the private key secret on your local computer.
- When you connect to the server with SSH, the client on your computer tells the SSH daemon which public key is yours.
- The server creates a random string of letters and numbers, which it encrypts with your public key and sends to the client.
- The client decrypts the message using the private key. Remember, only your private key can decrypt messages encrypted with your public key.
- The client takes the decrypted message, hashes it, and sends the hash back to the server. A hash is a sort of one-way cryptographic function. The same string always produces the same hash.
- The server now hashes the original message and compares it to the hash sent by the client. If they match, it proves you have the private key and you are authenticated.
Provided you keep the private key secret, this method of authentication is reliable and secure. It isn’t vulnerable to brute-force and dictionary attacks. It also helps avoid the problems that arise when users think “pa55word” is an ingenious solution to their password management problems. Of course, all bets are off if the private key is stolen, but that’s a limitation of all authentication mechanisms.
How to Generate Public and Private Keys with cPanel
To use SSH keys, you need a key pair. There are several ways to create key pairs, but one of the easiest is cPanel’s SSH Access tool, which you’ll find in the Security section of cPanel’s main menu.
- Open SSH Access and click Manage SSH Keys.
- Click Generate New Key.
- Enter a name for your keys, or you can create a key pair with the default name “id_rsa.”
- Enter a password for an additional layer of security. Be sure to copy the password and store it safely. It won’t be displayed again, and it can’t be recovered.
- Click Generate Key at the bottom of the page.