Understanding the Security Advantages of Public Key Cryptography
You may be wondering if public key cryptography provides any security advantages over symmetric cryptography. The answer is yes, and it’s important to understand the differences in the security models they offer.
Contrary to your assumption, a secure channel is not required to obtain a public key. Instead, a trusted third party can bind a public key to a specific identity through a digital signature. This signature can be verified by anyone, preventing the key from being manipulated or swapped out without detection.
For example, in the case of HTTPS, servers present an X.509 certificate signed by a certificate authority. In PGP/GPG, a web of trust can be built by accepting people as trustworthy. None of these methods require a secure channel.
Even when communicating directly with a single peer, public key cryptography only requires an authenticated channel, not a secret one. You can place your public key anywhere on the Internet and let your peer download it. To ensure the key’s correctness, you can confirm its hash in a call or personal meeting. No secret information needs to be transmitted.