What is "public key"/"asymmetric" cryptography?

Lennart Jorelid



Short answer: A public key cryptography algorithm uses two different (but related) keys for encryption and decryption. The key used for decryption is kept secret (the private key), whereas the encryption key can be distributed openly (the public key). Thus, anyone in possession of the public encryption key may encrypt and send a message to the holder of the private decryption key. However, only the holder of the private decryption key may decipher the message. Both keys must be created and used in conjunction, and are often referred to as a key pair.

Longer answer: Encryption is the art of turning a plaintext message written by a sender into a ciphertext (encrypted) message, which is sent to a recipient. Modern computer-based encryption is done by an algorithm (which is generally publicly available to anyone) and an encryption key. For good encryption algorithms, it is nearly impossible to recover the original plaintext message from the ciphertext without the correct key; doing so is called "breaking the code" in security lingo.

Before being able to encrypt or decrypt, one must generate the key pair required for the encryption and decryption.


Key pair generation; creating a key pair


The processes of encryption and decryption are fairly straightforward: 


Encryption; creating ciphertext from plaintext with a specific encryption algorithm and an encryption key


In public key cryptography, the decryption key in the image below must be the complement of the encryption key in the key pair. From a purely technical standpoint, either key in the key pair could be used for encryption, as long as the other key of the pair is used for decryption. Since one of the keys is generally a bit shorter (easier to break) and the other a bit longer (harder to break), convention has decided which key is used to encrypt and which to decrypt.


Decryption; recovering plaintext from ciphertext using a specific encryption algorithm and a decryption key