Analysis of the OpenPGP and OTR protocols

Public keys

An alternative way of negotiating a shared secret is needed in order to make secure communication easy enough to use in everyday life. With this goal, public key infrastructure, and more specifically the OpenPGP protocol, was created. We will first describe the general use of public key encryption.

Public / Private key encryption

In order to communicate a shared secret across an unsafe channel, the public/private key methods do not work with a single key, but rather with two distinct keys. Each person involved in the communication generates a pair of keys with a special property:

E_Public(E_Private(M)) = M
E_Private(E_Public(M)) = M

That is, every message encrypted with the public key can be decrypted using the private key, and every message encrypted with the private key can be decrypted with the public key.

Rather than keeping both keys private, every participant in the communication publishes his or her public key. This way, messages encrypted with this public key can only be decrypted by the owner of the key, which makes it possible to communicate secretly without having to use a secure channel to negotiate a key.

Similarly, messages arriving from a person can be verified as coming from that person by having him encrypt them with his private key. People wishing to read such a message do so by first decrypting it with the public key belonging to that user, thus verifying he must have written it -- since he is the only one having the private key, and thus the only one able to create a sensible message that can be decrypted using the public key.

Distributing public keys

Using public/private key encryption does not completely solve our problem, however. The critical point in the infrastructure is the binding of a public key to a person. Even though you can be sure that a message is encrypted with a public key, this does not necessarily mean that the private key is in the hands of the person you think it is. In order to trust a person, you will have to verify his public key, usually done by comparing a fingerprint of the key in real life. Matching fingerprints mean that the public key is indeed held by the person you think, and thus the private key presumably is too (you must trust him for this, but if you don't, there's no point in encrypting messages anyway). If this is not possible, alternative mechanisms exist to guarantee some level of trust.

The first alternative consists of a system called "Public Key Infrastructure". Using this infrastructure, users are not asked to verify the authenticity of a key themselves, but rather depend on a trusted third party (TTP) to make this decision for them, usually called the Certificate Authority or CA. The CA is charged with the task of verifying the authenticity of users, for example by comparing their passports to the users requesting verification. This procedure is often described in some formal documentation. Universities in the Netherlands, for example, follow the SURFnet Policy Certification Authority. After verification, the CA creates a message saying "Key X is indeed the key of Alice", and encrypts it with its private key. After this, Alice can show the message to Bob, who can decrypt it using the CA's public key, thus verifying that the CA actually trusted Alice. If Bob trusts the CA in verifying the identity of Alice, he can thus trust Alice himself.
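The following is an added illustration, not code from the paper or from any OpenPGP implementation: textbook RSA on three fixed, constructed Mersenne primes, showing the two identities E_Public(E_Private(M)) = M and E_Private(E_Public(M)) = M from above, the fingerprint that two people compare, and the CA's "Key X is indeed the key of Alice" message encrypted with the CA's private key and checked by Bob with the CA's public key. It uses no padding and hashes the CA statement before applying the private key, so it demonstrates the algebra only; real OpenPGP signatures and encryption add padding and hybrid encryption.

```python
import hashlib

P31 = 2 ** 31 - 1   # constructed key material: three Mersenne primes, known to be prime
P61 = 2 ** 61 - 1
P89 = 2 ** 89 - 1

def mod_inverse(a, m):
    # extended Euclid: returns a^-1 mod m
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    return old_s % m

def make_keypair(p, q, e=65537):
    # returns (public, private) as (n, exponent) pairs
    n = p * q
    return (n, e), (n, mod_inverse(e, (p - 1) * (q - 1)))

def apply_key(key, m):
    # E_key(M): the same operation serves both halves of the pair
    n, exp = key
    return pow(m, exp, n)

def round_trip(pub, priv, text):
    # the paper's two identities: E_Public(E_Private(M)) and E_Private(E_Public(M))
    m = int.from_bytes(text.encode(), "big")
    assert m < pub[0], "textbook RSA needs M < n"
    opened = [apply_key(pub, apply_key(priv, m)), apply_key(priv, apply_key(pub, m))]
    return tuple(v.to_bytes(len(text), "big").decode() for v in opened)

def fingerprint(pub):
    # hash of the public key: the value two people compare in real life
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def _digest(statement, n):
    # reduced mod n so the digest is a valid message for this toy key size
    return int.from_bytes(hashlib.sha256(statement.encode()).digest(), "big") % n

def certify(ca_priv, statement):
    # the CA "encrypts" a digest of its statement with its private key
    return apply_key(ca_priv, _digest(statement, ca_priv[0]))

def verify_certificate(ca_pub, statement, cert):
    # Bob decrypts with the CA's public key and compares with his own digest
    return apply_key(ca_pub, cert) == _digest(statement, ca_pub[0])
```

Changing a single character of the statement (for instance the name it certifies) makes the digest differ, so Bob's check fails and the certificate cannot be reused for another person.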

The problem with PKI is the dependency on a CA: trusting people you've never met before and don't know whether they are competent in the verification of a person. For this reason, an alternative exists called the Web of Trust. Using this web of trust, everybody with a key pair can publish the trust status of people they know. For example, on the SURFnet PGP keyserver the public keys of the authors can be found, signed by each other and by some strangers. Using this web, one can see who verified a given public key, and thus establish at least partial trust. The advantages are that users don't have to go through a lengthy verification process, that anyone can join the web, and that everyone can choose whom to trust.