Editing Diffie–Hellman key exchange (section)

=== Public key ===
It is also possible to use Diffie–Hellman as part of a [[public key infrastructure]], allowing Bob to encrypt a message so that only Alice will be able to decrypt it, with no prior communication between them other than Bob having trusted knowledge of Alice's public key. Alice's public key is <math>(g^a \bmod{p}, g, p)</math>. To send her a message, Bob chooses a random ''b'' and then sends Alice <math>g^b \bmod p</math> (unencrypted) together with the message encrypted with symmetric key <math>(g^a)^b \bmod{p}</math>. Only Alice can determine the symmetric key and hence decrypt the message because only she has ''a'' (the private key). A pre-shared public key also prevents man-in-the-middle attacks.

In practice, Diffie–Hellman is not used in this way, with [[RSA (cryptosystem)|RSA]] being the dominant public key algorithm. This is largely for historical and commercial reasons,{{citation needed|date=November 2015}} namely that [[RSA (security firm)|RSA Security]] created a [[certificate authority]] for key signing that became [[Verisign]]. Diffie–Hellman, as elaborated above, cannot directly be used to sign certificates. However, the [[ElGamal signature scheme|ElGamal]] and [[Digital Signature Algorithm|DSA]] signature algorithms are mathematically related to it, as well as [[MQV]], [[Station-to-Station protocol|STS]] and the [[Internet Key Exchange|IKE]] component of the [[IPsec]] protocol suite for securing [[Internet Protocol]] communications.