Keys are used for authentication and authorization. They grant access to systems or structures. Physical keys, on the one hand, open doors that let you into physical spaces.
Private and public keys do the same, except that they combine to allow connection and digital encryption/decryption processes. These keys are digital in nature.
Having laid that foundation, let’s jump into the article.
Definition: Private Key vs Public Key vs Mnemonics
Private keys are digital codes created, stored, or handled by a single individual owner. Their purpose is to aid the entity in gaining access to a digital system, hence the name ‘keys’.
Public keys are also understood in the same manner as above. They are digital codes created, stored, or handled by a public entity.
Mnemonics are a set of words organized in a numbered list. They are keys as well, but they are made up of random words in a series, intended to be applied in the order in which they appear.
How Public Key Infrastructures (PKI) Work
Private and public keys are always implemented together. That means for every private key created, a corresponding public key is also created. This is so because both keys are needed for a digital session.
Here’s how it works.
A user’s browser contains a digital certificate. When the browser is used to access a website for the first time, the certificate is activated. Its purpose is to generate a private and public key.
The private key is stored on the user’s device. On the other hand, the public key is stored on the website server. Both keys are applied for authentication of the user.
What it means is that, in subsequent login sessions, the user’s device automatically submits the generated private key. The website server receives this encrypted key. It will then apply it to the generated public key.
If both keys match, the user is authenticated, and they get access to the website.
How the Mnemonics System Works
Mnemonics are different from public-private keys. They are not automatically applied. In fact, they require attention and engagement from users.
Here’s what mnemonics are like.
Think of ten words - without repeating any. Ensure these words are random and have more than three letters on average. Number them from one to ten.
Now, write all the words down in a list format. You should have a word numbered one, another numbered two, and another numbered three, up to ten. You’ve just created a mnemonic.
In a mnemonics system, the first word is the first key. The second word is the second key, and so on. A typical mnemonic will consist of ten keys, but some can have up to twelve.
Websites or systems that rely on mnemonics create new ones for each new user. The list is displayed to the user, who is then asked to copy it out.
Once the user confirms that they’ve copied their mnemonics key, they’re given a quick test. For example, the system might ask what keys 1, 5, and 9 are.
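The flow described above (create a fresh word list for a new user, then quiz them on a few positions), as an added example that is not code from the original article. The word list is a constructed toy list, the function names are hypothetical, and the quiz positions are drawn at random rather than fixed at 1, 5, and 9.

```python
import hmac
import secrets

# Constructed toy word list for illustration only; a real system would draw
# from a much larger list so that each word carries more entropy.
WORDLIST = [
    "anchor", "basket", "candle", "desert", "engine", "forest", "garden",
    "harbor", "island", "jungle", "kettle", "ladder", "marble", "needle",
    "orange", "pencil", "quartz", "ribbon", "saddle", "tunnel", "umbrella",
    "velvet", "window", "yellow",
]


def generate_mnemonic(length=10, wordlist=WORDLIST):
    """Pick `length` distinct words; the word at index i is 'key i + 1'."""
    if not 10 <= length <= 12:
        raise ValueError("the article describes mnemonics of ten to twelve words")
    unique_words = sorted(set(wordlist))
    if len(unique_words) < length:
        raise ValueError("word list too small for a non-repeating mnemonic")
    # SystemRandom draws from the OS CSPRNG; the default random module is
    # predictable and must not be used to create secrets.
    return secrets.SystemRandom().sample(unique_words, length)


def pick_challenge(length, count=3):
    """Choose which 1-based positions the user must repeat back."""
    return sorted(secrets.SystemRandom().sample(range(1, length + 1), count))


def verify_challenge(mnemonic, answers):
    """Check the quiz; `answers` maps 1-based position -> word the user typed."""
    ok = True
    for position, typed in answers.items():
        if not 1 <= position <= len(mnemonic):
            return False
        expected = mnemonic[position - 1].encode()
        candidate = typed.strip().lower().encode()
        # Constant-time comparison, and no early exit on a wrong word, so
        # response timing does not reveal which position was wrong.
        ok &= hmac.compare_digest(expected, candidate)
    return ok and len(answers) > 0
```
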
Technologies Associated with Public and Private Keys
Talking about public and private keys brings up the topic of related technologies. Three such technologies are SSL, TLS, and HTTPS.
SSL:
SSL stands for Secure Sockets Layer. This technology is a digital certificate. It is responsible for creating a secure connection between a user and the public server they are accessing.
TLS:
TLS stands for Transport Layer Security. It is an updated version of the former, the more commonly known SSL.
HTTPS:
HTTPS stands for Hypertext Transfer Protocol Secure. It is represented by a lock symbol. This indicator declares a successful connection and browser-server certificate process.
If an HTTPS symbol appears, it implies that SSL/TLS is active for that specific session.
Comparison Between Public-Private Keys and Mnemonics
Factor | Public Key Infrastructure (PKI) | Mnemonic Systems |
---|---|---|
Security | High security with encryption and digital signatures | Generally secure if the mnemonic is kept private |
Complexity | More complex, requiring certificates and a trusted authority | Simpler to understand and use |
Usability | Can be difficult for non-technical users | User-friendly; easier for individuals to remember |
Key Recovery | Certificates can be reissued, and recovery processes are established | Recovery is dependent on remembering the phrase |
Scalability | Highly scalable, suitable for large organizations | Limited scalability; more suited for individual use |
Management | Requires infrastructure for certificate management | Minimal management required; just the mnemonic phrase |
Trust Model | Relies on a centralized trust model (Certificate Authorities) | Trust is decentralized; relies on personal responsibility |
Cost | Can be expensive due to infrastructure and maintenance costs | Generally low cost; primarily software-based solutions |
Interoperability | Highly interoperable across various systems | Limited interoperability; primarily used in specific contexts |
Phishing Risks | Vulnerable to social engineering attacks if keys are not protected | High risk if the mnemonic is exposed or forgotten |
Conclusion
Public-private keys and mnemonics are both relevant as security measures. They are a thing in the crypto world, as they help protect assets.