This article on VPN security was provided by VPNLUX, a premium service provider, which also accepts payments in Bitcoin.
The public key infrastructure (PKI) also known as the Asymmetric cryptosystem uses two related algorithm keys, the private key which is kept within the system and the public key which is exposed to the public. The two keys have different purposes, where one is used for decrypting and the other for encrypting data contrary to the symmetric cryptosystem, where one key, just like a door key; it opens and locks. In this system, the creation, the sharing and the delivery of the key can be accomplished easily than in private key, since one of the two elements, the public key is made public. The public key system is very attractive and provides digital signature and a long –term data encryption. This means that you do not have to keep on replacing the key. The public key cannot however boast all the advantages on its own, since its efficiency relies on one hand greatly on the private key. It is also somewhat slower than the private key.
Where data is encrypted using a private key, a public key is required for its decryption and where data is encrypted using the public key, the private key is required for its decryption. This is how the digital signature is implemented. Digital signature is a data authentication mechanism. It proves that text information comes from a given sender effectively. For instance, when A sends B a message, A writes the message and signs it by encrypting it using his private key, to prove that the message has been effectively written by him. The same message is received by B, and to prove that the message effectively sent by A, B decrypts it using A’s private key. The public key is typically attached to the signed messages.
The combination of digital signature and encryption can therefore be used for privacy and authentication.
To enhance and strengthen digital signature, where applicable, other techniques could be deployed. Hashing is therefore such other technique deployed. It is a one way encryption and uses a small compressed and unique representation of the whole message.