Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Encryption can be thought of as locking something valuable into a strong box with a key. Conversely, decryption can be compared to opening the box and retrieving the valuable item. On computers, sensitive data in the form of e-mail messages, files on a disk, and files being transmitted across the network can be encrypted using a key. Both the encrypted data and the key used to encrypt it are unintelligible to anyone who merely examines them; only the key, applied through the decryption operation, turns the data back into something meaningful.
Typically, public key encryption is not used to encrypt large amounts of data, because it is far slower than symmetric encryption. However, public key cryptography does offer an efficient method to send someone the secret key that is used when a symmetric encryption operation is performed on a large amount of data.
As an example, suppose Bob wants to send Alice a large number of encrypted files. For performance reasons, he will use a symmetric key encryption algorithm, such as Data Encryption Standard (DES), to encrypt the data. To send the encrypted data together with the DES secret key needed to decrypt it securely, Bob will encrypt the secret key with Alice's public key, obtained from her certificate. Because her public key was used to encrypt the secret key, Alice, using her private key, will be the only one able to decrypt the DES secret key and thus decrypt the DES-encrypted data.