Want to keep learning?

This content is taken from the University of Southampton's online course, Secure Android App Development. Join the course to learn more.

Cryptographic keys

So far we have only talked about using cryptographic keys for encryption, but they do have other uses. Possibly the most common other use is for digital signatures.

Cryptographic keys, and the corresponding forms of encryption, come in two (at least) different types:

  1. Symmetric Key Encryption: here the same key is used to both encrypt data and then decrypt it.

  2. Public Key Encryption: here one key, the public key, is used to encrypt the data, and the other key, the private key, is used to decrypt it.

Public key encryption is based on the idea that you publish your public key, so anyone who wants it can have a copy, but keep your private key secret. Then anyone can use your public key to encrypt a message and send it to you, but only you, with the private key, are able to decrypt it.

Digital signatures

Public, private key pairs can also be used to digitally sign documents or emails etc.

The idea is that you use your private key to sign the document, and then anyone with your public key can use it to verify the signature.

If an attacker modifies the document after you have signed it they will not be able to re-sign it as they do not have your private key. Anyone who then attempts to verify the modified document with your public key will find that the verification fails, and the person verifying the document will know it has been tampered with.

Share this article:

This article is from the free online course:

Secure Android App Development

University of Southampton