Public Key Encryption
Public Key Encryption, also called Asymmetric Encryption, is a cryptographic system that uses two different keys:
- A public key (shared openly)
- A private key (kept secret)
Data encrypted with one key can only be decrypted with the other.
This allows for secure data transmission between parties without sharing a secret key in advance, and is essential for:
- Authentication
- Secure communication
- Digital signatures
Key Concepts of Public Key Encryption
| Concept | Description |
|---|---|
| Public Key | Used to encrypt data; can be shared openly |
| Private Key | Used to decrypt data; must be kept secret |
| Asymmetric | Different keys for encryption and decryption |
| One-way encryption | You can encrypt with the public key, but only decrypt with the private key |
| Digital Signature | Created by encrypting a hash of the data with the private key, so that anyone with the public key can verify authenticity |
Common Algorithms of Public Key Encryption
| Algorithm | Use |
|---|---|
| RSA (Rivest–Shamir–Adleman) | Most common, used for encryption and digital signatures |
| ECC (Elliptic Curve Cryptography) | Lighter and faster alternative to RSA, used in modern systems |
| ElGamal | Less common, but also used in secure messaging |
Where Public Key Encryption is used
| Use Case | Description |
|---|---|
| TLS/HTTPS | Public/private keys establish secure connections between clients and servers |
| Authentication | Private key signs a token; public key verifies it (e.g., JWT, OAuth) |
| Secure Key Exchange | Used to share symmetric keys securely (e.g., in hybrid encryption) |
| Data Protection | Encrypt sensitive data for a specific recipient |
| Email Encryption | PGP/GPG uses public key crypto to secure messages |
Example of Public Key Encryption
Scenario: A client (browser or app) connects to a backend server using HTTPS. We want to ensure:
- The server is authentic (not a fake)
- Data is encrypted during transmission
TLS Handshake Using Public Key Encryption
- Server has a public/private key pair
  - Public key is included in its SSL certificate (issued by a Certificate Authority)
- Client initiates connection
  - Requests server's public key (via the certificate)
- Client encrypts a random symmetric key with the server’s public key
- Server decrypts it using its private key
- Both now use the symmetric key to encrypt the session (fast and secure)
Security Benefits of Public Key Encryption
| Benefit | Explanation |
|---|---|
| No shared secret required | Safer for open networks |
| Identity verification | Private key signatures prove authenticity |
| Hybrid encryption support | Works with symmetric encryption for speed and security |
| Widely trusted | Forms the backbone of HTTPS, SSH, and JWTs |