Tuesday, November 8, 2011

Public-Key Cryptography and Windows PKI: How it works (Microsoft Windows 2000/2003/XP)

Most of your customers have concerns about the security of the data they send and receive. Some Microsoft Windows operating systems include a native public-key infrastructure (PKI) that allows for both encryption and signing. Public-Key Cryptography guarantees that encrypted outgoing data can be understood only by the intended recipient, and ensures that signed incoming data actually came from the indicated source.

When Public-Key Cryptography is used, each person has two keys, a public key he/she shares with the world, and a private key that only he/she knows. Keys are mathematical values used to both encrypt and decrypt data. To send protected data to Jane, Joe must know Jane's public key and use it to encrypt the data. Once encrypted, only Jane, using her private key, can decrypt the data. Jane can safely send her public key out to the world, but must protect the private key. Anyone can encode data using her public key, but only Jane can decrypt it accurately.

Suppose Joe needs data from Jane and wants to make sure it really comes from Jane and no one else. Jane can use her private key to encrypt the data. The data is not secret in this case, because anyone with her public key can decrypt it. However, only Jane's public key can decrypt data that was encrypted with her private key. If Joe uses Jane's public key and decrypts the data successfully, he knows the data came from Jane. Jane's use of her private key to encode the data is a way of signing her name to the data.
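The two exchanges described above (Joe encrypting to Jane's public key, and Jane signing with her private key) can be followed in the short Python sketch below. It is an added illustration, not code from the original post and not the Windows PKI implementation. It assumes textbook RSA without padding, a constructed demo key built from Mersenne primes, a signature taken over a SHA-256 digest of the data, and hypothetical helper names (`make_key`, `encrypt`, `decrypt`, `sign`, `verify`).

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_key(p, q):
    """Build a textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def _to_int(data):
    return int.from_bytes(data, "big")

def encrypt(public, plaintext):
    """Anyone holding the public key can do this."""
    n, e = public
    m = _to_int(plaintext)
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    """Only the private-key holder recovers the plaintext."""
    n, d = private
    m = pow(ciphertext, d, n)
    # Leading zero bytes are not preserved by this textbook encoding.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message):
    return _to_int(hashlib.sha256(message).digest())

def sign(private, message):
    """'Encrypt' the digest of the message with the private key."""
    n, d = private
    return pow(_digest(message), d, n)

def verify(public, message, signature):
    """'Decrypt' the signature with the public key and compare digests."""
    n, e = public
    return pow(signature, e, n) == _digest(message)

# Constructed demo keys (hypothetical). Mersenne primes keep the listing
# short; keys of this form are NOT secure and are for arithmetic only.
JANE_PUB, JANE_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    data = b"ship 40 units to Joe"            # constructed sample message
    box = encrypt(JANE_PUB, data)             # Joe -> Jane
    print(decrypt(JANE_PRIV, box) == data)    # Jane reads it
    sig = sign(JANE_PRIV, data)               # Jane -> Joe
    print(verify(JANE_PUB, data, sig))        # Joe confirms the source
    print(verify(JANE_PUB, b"ship 90 units to Joe", sig))  # altered data
```

Production systems add padding schemes on top of this arithmetic and use randomly generated primes.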

The public-key infrastructure of Windows permits high levels of security for email, Internet exchanges, and local network traffic. Use the above examples to cut through your customer's anxiety.
