Each certificate contains a key pair that consists of two keys that are linked cryptographically. If you encrypt data with one key, the data can be only decrypted with the other key. Although a key pair can be created easily when both keys are generated simultaneously, the process of deriving one key from the other is extremely difficult. (In cryptographic terms, the process is computationally infeasible).
When generating a key pair, one key is designated as the public key, and the other key is designated the private key. The public key can be made widely available, but the private key must be kept secret and not shared with anyone. As long as the secrecy of the private key is maintained, the key pair can be used to perform the following functions:
Encryption – If someone wants to send you a secret message without anyone else viewing it, the message can be encrypted with your public key. Because you alone possess the private key, only you can decrypt the message.
Encryption is also referred to as confidentiality.
Digital signatures – If you encrypt data with your private key, it can be decrypted only with your public key. Because your public key can be made widely available, this encryption method does not actually protect the content. However, digital signatures prove that a message came from you because only your private key could have generated it.Note:
When generating a digital signature, the entire message is generally not encrypted. Instead, only a hash of the message is encrypted, typically by using a digest algorithm like SHA-256.
This approach protects the integrity of a message. A decrypted signature that matches the digest of the original message guarantees that, not only did the message came from you, but it has remained unaltered since you signed it.
The following public key algorithms are used primarily in certificates that facilitate TLS communication:
- RSA – Based on the multiplication of large prime numbers.
- EC – Based on computations that involve special types of elliptical curves.
Although RSA is supported more widely than EC, it is slower and requires larger keys to achieve the same level of security. To support legacy clients, we recommend that you use an RSA certificate and choose a key size of at least 2,048 bits.
If all your clients support EC certificates, we recommend that you use an EC certificate with a key size of at least 256 bits.