There are 2 lock cylinders, of the kind found on normal doors, built into a padlock-style device. It can be used to close a box or an envelope, or be attached to items.
The first trials with a prototype were a success. People are amazed.
* Explain that in 1977 mathematicians devised an algorithm which only goes one way. The representation for this is the one-way locking cylinder. Give the cylinder to people to try. This is the whole secret behind asymmetric encryption systems. With one key you can only go in one direction, and never back.
* Show the padlocks with the 2 locks. One cylinder goes one way, the other the other way.
* Choose kids (or groups of kids) to play Alice and Bob
* There are 3 Alice padlocks and 3 Bob padlocks
* The exercise can be done 6 times, by sending 3 messages from Alice to Bob and 3 from Bob to Alice. But this may complicate the explanations. In the following, only the direction Alice to Bob will be detailed.
* Bob wants to receive encrypted messages. He creates keys: one secret and several public. Put the public keys on the table. Glue the secret key (on a chain) to Bob's side of the table. Insist that the secret key should never be given to anyone.
* Alice wants to send Bob a secret message and puts it in an envelope. She closes the envelope using the padlock and the public key.
* One could explain that it's technically possible to sign either by making the message unreadable (but easily made readable with the public key) or by leaving the message in clear text.
* You can verify a signature, but for that you need a public key. Anyone in the world could say "I am Alice, here is my key". So we are back to square one.
* This certificate is put on the Internet (put it on the table)
* Bob takes the certificate and uses the CA's public key to verify it's valid.
* Being sure of Alice's public key, he now verifies her signature by unlocking the lock on the message and can be sure that the signature is by the true Alice.
* It works! So that proves that the message comes from her.
* Web browsers come with built-in certification authorities which the browser trusts. That's how websites prove that they are who they say they are. Show a web browser's CA list.
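
The same steps in code, as an added example that is not part of the original lesson plan: encryption to Bob, Alice's signature, the CA's certificate, and the failed "I am Alice, here is my key" claim. It assumes the 1977 algorithm is RSA and uses textbook RSA without padding on constructed keys; the function names (`turn`, `issue_cert`, `check_cert`) are hypothetical.

```python
import hashlib

def make_keys(p, q, e=65537):
    """Toy RSA: build a (public, secret) key pair from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # the secret exponent undoes e

def turn(key, number):
    """Turn one cylinder; only the other key of the pair turns it back."""
    exponent, n = key
    return pow(number, exponent, n)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(secret, data):
    return turn(secret, digest(data, secret[1]))

def verify(public, data, signature):
    return turn(public, signature) == digest(data, public[1])

def cert_body(name, public):
    return f"{name}:{public[0]}:{public[1]}".encode()

def issue_cert(ca_secret, name, public):
    """The CA signs the statement 'this public key belongs to name'."""
    return {"name": name, "public": public,
            "sig": sign(ca_secret, cert_body(name, public))}

def check_cert(ca_public, cert):
    return verify(ca_public, cert_body(cert["name"], cert["public"]), cert["sig"])

# Constructed sample keys from Mersenne primes; far too small for real use.
CA_PUB, CA_SEC = make_keys(2**127 - 1, 2**521 - 1)
ALICE_PUB, ALICE_SEC = make_keys(2**31 - 1, 2**107 - 1)
BOB_PUB, BOB_SEC = make_keys(2**61 - 1, 2**89 - 1)

if __name__ == "__main__":
    note = b"Meet at noon"
    # Alice locks with Bob's public key; only Bob's secret key opens it.
    locked = turn(BOB_PUB, int.from_bytes(note, "big"))
    print(turn(BOB_SEC, locked).to_bytes(len(note), "big"))
    # Bob checks the CA's certificate first, then Alice's signature.
    cert = issue_cert(CA_SEC, "Alice", ALICE_PUB)
    print(check_cert(CA_PUB, cert), verify(cert["public"], note, sign(ALICE_SEC, note)))
    # Anyone can claim "I am Alice": a certificate she signed herself fails.
    fake_pub, fake_sec = make_keys(2**17 - 1, 2**19 - 1)
    print(check_cert(CA_PUB, issue_cert(fake_sec, "Alice", fake_pub)))
```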