Public/Private Keys
What is it
Also known as asymmetric encryption.
- Asymmetric means the keys are not identical.
- One can encrypt, and the other can decrypt.
Mailbox Analogy
A mailbox is like a public key.
- Anyone passing a mailbox on the street that bears the address number knows that the mailbox belongs to that address.
However, opening the mailbox requires the private key, which the owner of the house and the mail delivery man have.
Keys
Public key
- Key that can be publicly shared and freely distributed.
Private key
- Key that should be kept secret and should never be shared.
Encryption
Public keys are used to encrypt the content.
If someone wants to send a secure message, a sender would use the public key of the receiver to encrypt the message.
Then, a receiver of the secure message would use their private key to decrypt the secure message.
The encryption process turns the message into a ciphertext, which is unreadable without the corresponding private key.
The sender cannot read the encrypted message without the private key of the receiver.
- Even though the sender had the secure message content in plain sight, after the encryption, the sender would no longer be able to decrypt the original message.
- Only the receiver with their private key can decrypt the original message.
This is why public keys can be publicly shared, since only the one with the matching private key will be able to decrypt the contents sent by the other party.
Each party in the communication would have the corresponding receiver's public key to encrypt the message that would be sent back in response.
Decryption
When someone receives the encrypted message, they can use a private key to decrypt it and recover the original plaintext message.
The private key can decrypt messages that were encrypted with the public key, ensuring that only the person with the private key can read the message.
The private key and the public key are mathematically related.
- It is nearly impossible to derive/reverse-engineer the private key from the public key alone.
Digital Signatures
A user can sign a message or document with a private key.
Anyone can verify the signature of the sender using the sender's public key.
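The encryption, decryption and signature steps described above, as an added toy example that is not part of the original notes: textbook RSA in pure Python, without padding and with small fixed primes, so it shows how the two keys relate and is not secure for real use. The function names and the sample primes are constructed for this illustration.

```python
# Toy "textbook" RSA (added example): no padding, small fixed primes, NOT secure.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) built from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi), needs p and q
    return (n, e), (n, d)

def encrypt(public, plaintext: bytes) -> int:
    n, e = public
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    # Toy reduction of SHA-256 into the modulus; real schemes use padding (e.g. PSS).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message: bytes) -> int:
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

# Constructed sample values: two known Mersenne primes, chosen only for brevity.
P, Q = 2**127 - 1, 2**89 - 1
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(P, Q)

if __name__ == "__main__":
    ct = encrypt(RECEIVER_PUB, b"meet at noon")
    print("ciphertext:", hex(ct))
    print("receiver decrypts:", decrypt(RECEIVER_PRIV, ct))
    # Holding only the public key, the sender cannot undo the encryption:
    print("public key yields:", decrypt(RECEIVER_PUB, ct))
    sig = sign(RECEIVER_PRIV, b"signed note")
    print("valid signature:", verify(RECEIVER_PUB, b"signed note", sig))
    print("tampered message:", verify(RECEIVER_PUB, b"signed n0te", sig))
```

Production systems use a vetted library with randomly generated keys of at least 2048 bits and padding such as OAEP for encryption and PSS for signatures.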
HTTPS
Public/private key pairs are widely used in protocols like SSL/TLS to secure web traffic (HTTPS).