Throughout history, the question has been: "I can send encrypted
messages to my friends without anybody being able to read them, but
how do I send the encryption keys?" The answer has invariably been,
"I'll encrypt the keys so that nobody can get them," but then you have
to send more decryption keys...

Single-key cryptography is the system of using a single key to
encrypt and decrypt a message. It's like locking a door--you need the
same key to lock and unlock the door. Crypto is used to send messages
across insecure channels, but in order to be effective, you have to
be able to exchange your keys. But if you send your keys across an
insecure channel, your enemies will intercept them and read your
messages. Which isn't good.

Traditionally, keys were exchanged directly, which is to say, I
meet you in real life, make sure nobody's eavesdropping, give you my
key, say goodbye, then go home and encrypt messages to you until I go
blind. Unfortunately, it's not always possible to meet in real life
(such as two people on the Internet) or to establish a secure

Enter public-key cryptography.

There isn't just one key in public-key crypto. There are two.
These are called the public key and the private key, and they are
related mathematically in subtle and earth-shattering ways. But the
remarkable thing is, only one of these keys can encrypt and only one
can decrypt. (Actually, they can do both, but only one at a

You keep the private key. It's yours. You put a password on it.
You keep it safe. You cherish and love it. But you don't let anybody
get it, for various reasons.

You give the public key to anybody and everybody. You upload it to
the Internet. You pass it around on business cards. Everybody gets a
copy of it. You don't even need to make a secure channel or meet your
recipients in real life. You can pass it right under the nose of your
enemies, for all they care.

When somebody wants to send you an encrypted message, they use the
public key to encrypt it. And then they give you the message. It
doesn't matter if your enemies intercept the message... because they
can't decipher it! The public key can only encrypt; it can't decrypt!
Somewhere along the line, you receive the message, and you decrypt it
with your private key. Since you didn't give the private key to
anybody, you are the only one who can decrypt it.

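
The exchange described above, as an added example that is not part of
the original text. It assumes textbook RSA (the text names no specific
algorithm) with constructed toy primes and no padding, and the function
names are hypothetical; it also shows that either key can transform a
message and only the other key reverses it.

```python
# Added illustration: textbook RSA with toy parameters. It shows how the two
# keys relate; it has no padding and a trivially factorable modulus.
from math import gcd

# Constructed sample primes (two Mersenne primes), chosen for readability.
P = 2**107 - 1
Q = 2**127 - 1

def make_keypair(p, q, e=65537):
    """Return (public_key, private_key), each a (modulus, exponent) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi); needs p and q
    return (n, e), (n, d)

def apply_key(key, value):
    """The one RSA operation, used in both directions: value^exp mod n."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)

def encrypt(public_key, message: bytes) -> int:
    """Sender's side: only the recipient's public key is needed."""
    return apply_key(public_key, int.from_bytes(message, "big"))

def decrypt(private_key, ciphertext: int) -> bytes:
    """Recipient's side: reverse the operation with the private key."""
    m = apply_key(private_key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    public, private = make_keypair(P, Q)
    message = b"meet me at noon"  # constructed sample message
    ciphertext = encrypt(public, message)
    return {
        "recovered_with_private": decrypt(private, ciphertext),
        # Someone holding only the public key cannot undo the encryption:
        "recovered_with_public": decrypt(public, ciphertext),
        # Either key can go first; the other one undoes it.
        "private_then_public": decrypt(public, encrypt(private, message)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
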
It's like having a door with two keyholes; one key can lock the
door, and one key can unlock the door. You keep the unlock key to
yourself, but you duplicate the lock key and give it to all your
friends. When they want to give something to you, they put it in the
room and lock the door. And you're the only one who can unlock

Great, isn't it?