Let me give you my idea of public key/private key usage by going back about
40 years. This is in the day where encryption was performed by mechanical
crypto machines that had a number of rotors that could each be assembled in
various manners. As the encrypter typed the plain text message, the crypto
machine would generate a letter, increment the rotor so that if the same key
was typed, a different letter would be generated. There would be literally
thousands of ways the rotors could be assembled. The message would be the 5
character group messages that Sam Heywood mentioned.
Everybody had machines capable of decoding the message and anyone that had a
radio receiver tuned to the proper frequency could receive the message,
however, in order to decode the message, the recipient had to know how the
rotors were assembled by the sender. Obviously, the sender could not send a
plain text message giving instructions on how to assemble the rotors, yet,
the sender had to tell the intended recipient how to assemble his/her
rotors. This was done at the beginning of the message before the 5 character
groups started, thus:
ALPHA ROMEO ALPHA CHARLIE HOTEL ... (etc.)
This is the PUBLIC KEY. Everyone who received the message received the
Public Key. The people to whom the message was intended would pull out their
code book, turn to the page for the date (and possibly time) the message was
originated, and see that under rotor 1, ALPHA meant to assemble parts a, b,
c, and under rotor 2, ROMEO meant to assemble parts e, f, g, etc. The code
book page is the PRIVATE KEY. A person receiving the message who didn't know
how to set up the rotors, i.e., did not have the PRIVATE KEY, would have to
try the thousands of combinations of rotors in order to decode the message.
The necessary parts are that everyone uses the same procedure to encrypt a
message and that there is some way for the originator to tell the recipient
how the message was encrypted.
In using a secure site, the person sending his/her order would encrypt
his/her order, possibly without knowing it, attach a PUBLIC KEY to it that
would somehow tell the recipient what PRIVATE KEY was used to encrypt the
message.
PC Magazine had an article on how this was done several years ago and I can't
remember exactly (or even generally) what they said.
Hope this helps.
Roger Turk
Tucson, Arizona
