Public/Private Key Pairs

A cryptographic technique, namely digital signing, is used to enforce this protection of the publisher's namespace. At the heart of the implementation are two related sets of binary data known as the public and private keys. As the names suggest, the public key may be freely distributed, whereas the private key is a secret known only to the publisher.

The keys are used as input to encryption and decryption algorithms—data encrypted via the public key can only be decrypted via the private key and vice versa (as illustrated in Figure 9.3). The RSA digital signing algorithm is used for this purpose.

Figure 9.3. Public/private key pairs and algorithms.


The public key is used to represent the publisher's identity. In textual contexts, this is usually represented as a string of hexadecimal digits. For example, the following is the public key used by Microsoft for its .NET Framework components:

002400000480000094000000060200000024000052534131000400000100
010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c83
4c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177
108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1ab99
285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a124365
18206dc093344d5ad293

Due to their size, such public keys can be unwieldy and difficult to use in situations where they might be manipulated by humans—within source code or configuration files, for example. For this reason, an abbreviated form, the so-called public key token, is often used. Public key tokens strike a balance between usability (they are much shorter than full public keys) and security (it is extremely difficult to find a second public key that will generate an identical public key token). Cryptographic hashing techniques are used to generate the public key token from the public key (the token is a truncated form of the SHA1 hash of the public key).

The following is the public key token for the Microsoft public key previously given:

b03f5f7f11d50a3a
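
The derivation can be checked directly. The following Python sketch is an added example, not code from the book or from the .NET Framework: it decodes the header fields of the key blob printed above and recomputes the token as the last 8 bytes of the SHA-1 hash, in reverse byte order. The function names and dictionary keys are chosen here for illustration.

```python
import hashlib
import struct

# Public key blob exactly as printed in the text (160 bytes).
MS_PUBLIC_KEY = bytes.fromhex(
    "002400000480000094000000060200000024000052534131000400000100"
    "010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c83"
    "4c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177"
    "108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1ab99"
    "285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a124365"
    "18206dc093344d5ad293"
)


def public_key_token(blob: bytes) -> str:
    """Last 8 bytes of SHA-1(blob), byte order reversed, as hex."""
    return hashlib.sha1(blob).digest()[-8:][::-1].hex()


def describe_blob(blob: bytes) -> dict:
    """Decode the headers in front of the RSA modulus (field names are ours)."""
    if len(blob) < 32:
        raise ValueError("blob too short to hold the key headers")
    # Strong-name header: signature algorithm, hash algorithm, key length.
    sig_alg, hash_alg, key_len = struct.unpack_from("<III", blob, 0)
    if key_len != len(blob) - 12:
        raise ValueError("declared key length does not match blob size")
    # CryptoAPI key header: "RSA1" magic, modulus size in bits, exponent.
    magic, bits, exponent = struct.unpack_from("<4sII", blob, 20)
    if magic != b"RSA1" or bits != (len(blob) - 32) * 8:
        raise ValueError("not a well-formed RSA public key blob")
    return {
        "sig_alg": hex(sig_alg),    # 0x2400 = RSA signature
        "hash_alg": hex(hash_alg),  # 0x8004 = SHA-1
        "modulus_bits": bits,
        "public_exponent": exponent,
        "modulus": int.from_bytes(blob[32:], "little"),
    }


if __name__ == "__main__":
    info = describe_blob(MS_PUBLIC_KEY)
    print(info["modulus_bits"], info["public_exponent"], info["sig_alg"])
    print("token:", public_key_token(MS_PUBLIC_KEY))
```

Because the token keeps only 64 bits of the hash, it identifies a key; checks that need the key itself should compare the full blob.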
