In a Public Key Infrastructure (PKI), which key is used by one host to encrypt data when connecting to another host?

In a Public Key Infrastructure (PKI), the public key is the key used by one host to encrypt data when connecting to another host. Each host has a pair of cryptographic keys: a public key that can be shared with anyone and a private key that is kept secret. When one host wants to securely send data to another, it will use the destination host's public key to encrypt the data. This ensures that only the intended recipient, who possesses the corresponding private key, can decrypt and access the data.

Using a public key for encryption is foundational to the security model of PKI, allowing for secure communications without the need to exchange private keys over potentially insecure channels. This method also helps to establish trust, as each public key can be tied to an identity via digital certificates issued by a trusted certificate authority.

In contrast, the private key is kept confidential by its owner and is never used for encrypting data intended for others. The KDC ticket is related to Kerberos authentication, and SSH keys, while also used for secure communications, function within a different context and do not represent the core concept of PKI.