Also known as public key Cryptography, the concept of public key encryption was thought up by Whitfield Diffie in 1975, and proven by the RSA algorithm two years later.

Each person has a pair of keys, called the PublicKey and the PrivateKey. Each person's public key is published while the private key is never divulged to anyone. Data can be encrypted using the intended recipient's public key and then can only be decrypted using their private key.

Note that, while the public key is not confidential, to be useful the recipient needs some assurance that it really came from the person it is supposed to have come from.

The need for sender and receiver to share secret information (keys) via some secure channel is eliminated: all communications involve only public keys, and no private key is ever transmitted or shared.

The system is successful because

  1. PKE is computationally difficult to decode.
  2. PKE does not require a secure channel to send the key; the key is, in fact, public. However, without assurances as to the authenticity of the public key, you leave yourself open to ManInTheMiddle attacks.
  3. PKE can be used as a basis of a personal (digital) signature so that the sender may always be identified.

If you encrypt something with the public key then it can be only decrypted with the private key, and vice versa. Given the public key, you can't deduce the private key, and usually vice versa (although not always). Thus you publish you public key to the world, and everyone can send you encrypted email. (See GPG).

You can "sign" a document by taking a CryptographicHash of the document, and encrypting that with your private key. Everyone can calculate the hash, and then decrypt the version you gave and verify that they are the same (the document hasn't been modified) and they know that it came from you (since you are the only one that has your private key).

You can then sign other peoples' key to say that you verify that it is them. A collection of such signatures is called a WebOfTrust.

See also PublicKeyAuthentication.

Part of CategoryCryptography