Content










13.2


Cisco IOS Cryptosystem Overview
 


 
13.2.3


Asymmetric encryption
 








Asymmetric encryption is often referred to
as public key encryption. It can use either the same algorithm, or
different but complementary algorithms to scramble and unscramble
data. Two different, but related, key values are required. These
values are referred to as the public key and private key. For example,
if Alice and Bob want to communicate using public key encryption, both
need a public key and private key pair. Alice has to create her public
key/private key pair, and Bob has to create his own public key/private
key pair. When communicating with each other securely, Alice and Bob
use different keys to encrypt and decrypt data.

The mechanisms used to generate these
public/private key pairs are complex. They result in the generation of
two very large random numbers. One of the random numbers becomes the
public key and the other becomes the private key. Generating these
numbers is processor intensive. The numbers, as well as their product,
must adhere to stringent mathematical criteria to preserve the
uniqueness of each public/private key pair. Public key encryption
algorithms are rarely used for data confidentiality because of their
performance constraints. Instead, public key encryption algorithms are
typically used in authentication applications involving digital
signatures and key management.

Some of the more common public key
algorithms are the Ron Rivest, Adi Shamir, and Leonard Adleman (RSA)
algorithm and the El Gamal algorithm.