To do so, each party that needs to exchange keys generates a key pair. The public keys are either exchanged among the parties or kept in a database. The private keys are kept secret. When it is necessary to exchange a key, one party can encrypt it using the public key of the other. The encrypted key is then transmitted to the other party. Since only the intended recipient holds the private key that corresponds to the public key used to encrypt the session key, only that party can decrypt the session key. The confidentiality of the session key is assured, and it can then be used to encrypt communications between the two parties.
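The exchange described above, as an added example that is not part of the original text. The algorithm choices (RSA-OAEP to encrypt the session key, AES-256-GCM for the traffic) and the names `WrapKey`, `UnwrapKey`, `Exchange`, "bob" and "mallory" are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// WrapKey: the sender encrypts the session key under the recipient's public key.
func WrapKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
}

// UnwrapKey: only the holder of the matching private key recovers the session key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// must keeps the walkthrough short by panicking on any unexpected error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Exchange runs the whole flow once. It returns what the recipient decrypts
// and whether an unrelated private key was rejected when unwrapping.
func Exchange(msg string) (string, bool) {
	bob := must(rsa.GenerateKey(rand.Reader, 2048))     // recipient's key pair
	mallory := must(rsa.GenerateKey(rand.Reader, 2048)) // unrelated key pair
	key := make([]byte, 32)                             // fresh random session key
	must(rand.Read(key))
	wrapped := must(WrapKey(&bob.PublicKey, key)) // only this crosses the wire
	_, err := UnwrapKey(mallory, wrapped)         // wrong private key: must fail
	shared := must(UnwrapKey(bob, wrapped))       // recipient recovers the key
	a := must(cipher.NewGCM(must(aes.NewCipher(key))))    // sender's cipher
	b := must(cipher.NewGCM(must(aes.NewCipher(shared)))) // recipient's cipher
	nonce := make([]byte, a.NonceSize()) // never reuse a nonce under one key
	must(rand.Read(nonce))
	ct := a.Seal(nil, nonce, []byte(msg), nil)
	return string(must(b.Open(nil, nonce, ct, nil))), err != nil
}

func main() {
	fmt.Println(Exchange("hello bob"))
}
```

The session key itself never appears on the wire; only `wrapped` and the AES-GCM ciphertext do. Encrypting to a public key gives confidentiality only if that public key really belongs to the intended recipient.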
The steps are outlined here and are illustrated in Figure 10-1. Operations 1 and 2 can take place at the same time, as can operations 3 and 4.