Key Exchange
Public/private key pairs can be used to exchange session keys. To do so, each party that needs to exchange keys generates a key pair. The public keys are either exchanged among the parties or kept in a database. The private keys are kept secret. When it is necessary to exchange a key, one party can encrypt it using the public key of the other. The encrypted key is then transmitted to the other party. Since only the intended recipient holds the private key that is related to the public key used to encrypt the session key, only that party can decrypt the session key. The confidentiality of the session key is assured, and it can then be used to encrypt communication between the two parties.
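The exchange described above, as an added Node.js example that is not part of the original text. It assumes RSA-OAEP for encrypting the session key and AES-256-GCM for the traffic, neither of which the text specifies, and all function names are hypothetical.

```javascript
// Added example: exchanging a session key under the recipient's public key.
const crypto = require('crypto');

// Assumption: RSA with OAEP/SHA-256 padding; the text names no algorithm.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each party generates a key pair; only the public half is ever shared.
function generateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: create a random session key and encrypt it with the recipient's public key.
function wrapSessionKey(recipientPublicKey) {
  const sessionKey = crypto.randomBytes(32); // 256-bit symmetric key
  const wrapped = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { sessionKey, wrapped };
}

// Recipient: recover the session key with the matching private key.
function unwrapSessionKey(recipientPrivateKey, wrapped) {
  return crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, wrapped);
}

// Both parties then protect traffic with the shared session key.
function encryptMessage(sessionKey, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function decryptMessage(sessionKey, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, iv);
  decipher.setAuthTag(tag); // final() throws if the message was altered
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Full exchange, plus a check that a different private key cannot unwrap the key.
function demoExchange() {
  const recipient = generateKeyPair();
  const other = generateKeyPair(); // any party that is not the intended recipient
  const { sessionKey, wrapped } = wrapSessionKey(recipient.publicKey);
  const recovered = unwrapSessionKey(recipient.privateKey, wrapped);
  const message = encryptMessage(sessionKey, 'constructed sample message');
  let otherKeyFails = false;
  try { unwrapSessionKey(other.privateKey, wrapped); } catch (err) { otherKeyFails = true; }
  return { keysMatch: recovered.equals(sessionKey),
           plaintext: decryptMessage(recovered, message), otherKeyFails };
}
```

Only `wrapped` and the encrypted message cross the network; the session key itself is never sent in the clear.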
The steps are outlined here and are illustrated in Figure 10-1. Operations 1 and 2 can take place at the same time, as can Operations 3 and 4.