Encryption & Security

What is Public-Key Cryptography?

Public-key cryptography solves the problem that ordinary encryption can't: how do two people who have never met agree on a secret over an open network where everyone is listening? The answer is a pair of mathematically linked keys — one you publish to the world, one you guard. It's the foundation of HTTPS, digital signatures, and how NDEVR OWL shares files securely.

  • Also called: Asymmetric cryptography — the two keys are different (a-symmetric).
  • The pair: A public key you can share freely, and a private key you never reveal.
  • Two jobs: Encrypting to someone, and proving a message came from someone (signatures).
  • NDEVR uses: Elliptic-curve keys on the NIST P-256 curve (also called prime256v1 / secp256r1).

The Key-Sharing Problem

AES is fast and strong, but it uses the same key to lock and unlock. So before two people can exchange AES-encrypted messages, they must somehow agree on that shared key — and if they're communicating over the open internet, an eavesdropper could grab the key in transit. Public-key cryptography was invented precisely to break this deadlock.

Two Keys, One Pair

Instead of one shared secret, each person generates a pair of keys that are mathematically bound together: a public key to share freely and a private key that is never revealed.

The magic is a one-way relationship: it's easy to compute the public key from the private key, but practically impossible to go backwards. So you can publish your public key on a billboard, and anyone can use it to encrypt a message that only your private key can open. The secret never travels.

Encrypting and Signing

A key pair does two complementary things:

  • Encryption — anyone can encrypt to your public key, but only your private key decrypts. This is how a sender locks a message for you without prearranging a secret.
  • Digital signatures — the reverse direction. You “sign” with your private key, and anyone can verify with your public key. A valid signature proves the message came from you and wasn't altered — the basis of identity and trust online.

Hybrid encryption: the best of both

Public-key math is slow, so it's rarely used to encrypt whole files. Instead, systems encrypt the file with a fast AES key, then use public-key crypto to encrypt just that small AES key for the recipient. This combination — public-key to share the key, symmetric to encrypt the data — is called hybrid encryption, and it's exactly what OWL does.

Why Elliptic Curves

The oldest public-key system, RSA, gets its strength from the difficulty of factoring huge numbers — and to stay secure it needs very large keys (2048 bits or more). Elliptic-curve cryptography (ECC) achieves the same security with dramatically smaller keys, because it rests on a different hard problem: the “elliptic-curve discrete logarithm.”

A 256-bit elliptic-curve key offers roughly the same security as a 3072-bit RSA key. Smaller keys mean less data to store and transmit and faster computation — which is why ECC is now the default choice for modern systems, mobile devices, and anything where efficiency matters.

NDEVR's P-256 Keys

When you create an OWL account, your device generates an elliptic-curve key pair on the NIST P-256 curve (also known as prime256v1 or secp256r1) — one of the most widely deployed and analyzed curves in the world. Your public key is published so others can share files with you; your private key is encrypted with a key derived from your password (see hashing & key derivation) and never reaches the server in usable form. That key pair is what lets people seal files for you with ECIES that only you can open.
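The hybrid scheme from "Hybrid encryption: the best of both" and the ECIES-style sealing described above, as an added example using Node.js's built-in crypto module. It is not NDEVR's code or OWL's actual file format; the function names, HKDF-SHA256, AES-256-GCM and the "example-ecies" label are assumptions chosen for illustration.

```javascript
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
        randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// P-256 key pair (Node calls the curve prime256v1).
const newKeyPair = () => generateKeyPairSync("ec", { namedCurve: "prime256v1" });

// Symmetric layer: AES-256-GCM with a fresh 96-bit nonce per call.
function aesEncrypt(key, data) {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function aesDecrypt(key, { iv, ct, tag }) {
  const d = createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws if anything was altered
}

// ECDH shared secret -> 256-bit key-wrapping key, bound to the ephemeral public key.
// (Using the ephemeral key as HKDF salt is an assumption of this example.)
function wrappingKey(privateKey, publicKey, ephDer) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync("sha256", shared, ephDer, "example-ecies", 32));
}

// Sender: needs only the recipient's PUBLIC key.
function sealFile(recipientPublic, file) {
  const fileKey = randomBytes(32);            // fast AES key for the bulk data
  const eph = newKeyPair();                   // one-time key pair for this message
  const ephDer = eph.publicKey.export({ type: "spki", format: "der" });
  const kek = wrappingKey(eph.privateKey, recipientPublic, ephDer);
  return { ephDer, wrappedKey: aesEncrypt(kek, fileKey), body: aesEncrypt(fileKey, file) };
}

// Recipient: the private key plus the ephemeral public key rebuild the same wrapping key.
function openFile(recipientPrivate, { ephDer, wrappedKey, body }) {
  const ephPublic = createPublicKey({ key: ephDer, type: "spki", format: "der" });
  const kek = wrappingKey(recipientPrivate, ephPublic, ephDer);
  return aesDecrypt(aesDecrypt(kek, wrappedKey), body);
}

// Constructed sample input.
const alice = newKeyPair();
const sealed = sealFile(alice.publicKey, Buffer.from("constructed sample file contents"));
console.log(openFile(alice.privateKey, sealed).toString());
```

Only the 32-byte file key passes through the public-key step; the file itself is encrypted once with AES, so the same body could be shared with more recipients by wrapping the file key again for each of them.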
