Web Tutorials

Public and Private Key Cryptography

Public and private key cryptography is a very common way of encrypting data from one party to another. It is also considered to be one of the most secure ways of securing a line between two parties. This is especially true for big companies with highly sensitive data. In this Web Tutorial, you will learn more about public and private key cryptography. More specifically, what they do for you.

How are public and private keys made?

Public and private keys were first made by the famous RSA algorithm. The RSA algorithm was named after the three developers of the algorithm (Rivest–Shamir–Adleman). Their algorithm grew to be famous because of the complexity of their formula used to generate the public and private keys we now know today. The RSA algorithm is still used to generate public and private key pairs. However, there are other algorithms that can be used to generate these keys.

The mathematical formula used in the RSA algorithm is known as a one-way formula. Meaning, when you encrypt certain texts using the math formula given, attackers won’t be able to easily crack the encryption using the same mathematical formula used. In other words, even if the attacker managed to intercept your public key, the attacker won’t be able to derive its private key. However, if the attacker had your private key, he/she would be able to derive its public key. So be very careful when storing your private key.

What do public and private keys do exactly?

Public and private keys are asymmetrical encryptions. Meaning, instead of the usual use of one key to encrypt and to decrypt data, there are two keys being used to encrypt and to decrypt. The public key is used to encrypt the data for the private key to decrypt the data. The private key can also be used to create digital signatures.

Basically public and private keys are another way of encrypting data. Such as web browsers to servers, chat systems (Facebook Messenger, Viber, etc.), SSL certificates, etc.

How are they used?

First, both parties need to generate their own public and private keys. Next, both parties exchange their public key with the other party. Both parties only exchange their public key. This is because if party A wanted to send sensitive data to party B, they would have to use party B’s public key for party B to decrypt it with their own private key. The same process goes for party A. If party A wants to send sensitive data to party B, then party A has to use party B’s public key to encrypt their sensitive data and send it to party B for decryption using party B’s private key.

In reality you wouldn’t have to generate a public and private key pair because a number of software applications have already generated their own public and private key pairs for their users. Even the SSL certificates contain their own public and private key pairs. The same process still goes for the key pair (exchanging of key pairs). These key pairs are very much necessary especially for online security (Passwords, email addresses, security codes, and other personal information).

Who uses public and private keys?

Usually public and private keys are used by big companies with very sensitive data. However, public and private keys are not limited to only big companies. These keys are also being used by people when they search online. For example, if a person would like to buy a pair of shoes online, then he/she would search that in their web browser. The client’s web browser establishes the connection and the connection will be secure if the website contains an SSL certificate. The SSL certificate use a public and private key pair to secure any connection between a client and a web server from attackers.

Public and private key pairs are also used by back-end IT specialists. These are specialists that specialize in the management of software development, web server modification, etc. The way they use them is for their security of their web servers. They would first insert their public key file into the web server itself. Then they configure the web server in such a way for the admin to enter the private key file instead of the usual username and password login session. After configuration, they can now login to their web server securely by using their private key file they have stored in their computer. Upon entering, the web server will find the matching file for the private key. In the case of a modified private key file, the web server will automatically deny the IT specialist access to the web server.

What are the benefits of public and private keys?

Public and private keys mainly secure lines between a client and a server. It does this to prevent any attackers from accessing information sent or retrieved. This ensures both parties that their information is safe and secure with them.

Private keys can also be used to create so-called “digital signatures”. These digital signatures are different from your regular signatures. They are created by the private key but don’t actually encrypt the message itself. Instead, it attaches a small-bit signature to the document. Thus certifying that the document is an official document.

What makes public and private keys special?

The fact that the RSA algorithm can generate about 80 nonillion key pairs makes the public and private key pairs so special. It would take more than a super computer to be able to find the matching key pair of a single public key. Thus making an encrypted message extremely difficult for an attacker to decrypt. Thus also making the connection between any amount of parties safe and secure.

You can generate your own key pair using GPG, PuTTygen on Windows or other software applications. Below is a sample of a generated public key using PuTTygen:


And its private key would be:

Private-MAC: 2cfcfbef7550c4059d7d7cf687b02c06d7a8fea4

One thought on “Public and Private Key Cryptography

Leave a Reply

Your email address will not be published. Required fields are marked *