Asymmetric Cryptography

Normal symmetric cryptography works by using a secret key to encrypt and decrypt data. Asymmetric cryptography, also called public key cryptography, works much the same way, but instead of using one key to both encrypt and decrypt, you use one key to encrypt the data and a mathematically related key to decrypt the encrypted data. This way, one key can be public (not secret) and the other key can be private (secret).

For a totally unrealistic example, let’s say we have the private key, SaneHuman, and the public key, LazyBear. If we use the private key, SaneHuman, to encrypt the message:

The quick sane human jumped away from the lazy bear

It’ll turn into total gibberish, and look something like:

1b6T&sS4g8hgsb16zd)ghB-5hn54ndf84n5*48YEgferghr7/lkjJy<76tgfRY.yy,8U5hy5a~n

But we can’t use the private key, SaneHuman, to decrypt it back. If we tried, we would just end up with different gibberish. The only way to decrypt it is to use the public key, LazyBear. If we do that, we get the original data back:

The quick sane human jumped away from the lazy bear

It also works the same way if you use the public key to encrypt and the private key to decrypt. If we use the public key, LazyBear, to encrypt:

The quick sane human jumped away from the lazy bear

Then it’ll turn into total gibberish too, kinda’ like:

65B1zbs!6fD4B651bx5#f4XdfnbxdkJh4n$4165Ndx6z46Z^fdzjhGEThytr*t67SSwU6ktrgNe

And the only way to decrypt it back to normal is to use the private key, SaneHuman.

So how is this useful? It’s useful in three ways:

  1. You can receive messages securely from people without sharing any secrets with them
    If someone wants to securely send you a message, they only have to know your public key. For example, I never have to share some secret key with Kuma. (ʕ·ᴥ·ʔ: Lambert doesn’t trust me with secrets.) Instead, I can give Kuma my public key, he can encrypt his messages to me using that public key, and I can use my private key to decrypt them and read them. And not just Kuma, but everyone can have my public key and use it to send me encrypted messages. The public key is, well, public; so it’s okay if everybody knows what it is.
  2. People who send you messages can be sure that you’re the only one who can read them
    Since I’m the only one with my private key, I’m also the only one who can decrypt messages that were encrypted using my public key. So anybody sending me messages that were encrypted using my public key can be sure that I’m the only one who can read them.
  3. You can prove that you are you
    Maybe I send Kuma a message telling him to leave me some salmon on the picnic table. How does Kuma know that that’s me sending him the message and not some fish thief trying to steal some salmon? I can encrypt the message using my private key, and if Kuma can decrypt it using my public key, then he’ll know that the message really is from me, because I’m the only one with my private key. If the fish thief tries encrypting his own fake message with a different private key, then the public key I gave Kuma won’t be able to decrypt it, and what will come out is just more gibberish that Kuma can’t read. And Kuma will also know that the message probably wasn’t from me, but from someone else.
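
The three uses above, as an added example that is not part of the original page: textbook RSA in Python with toy primes (61 and 53, constructed values) and no padding, applied one byte at a time. The helper names are hypothetical, and the numeric (exponent, modulus) pairs stand in for the word-like keys SaneHuman and LazyBear.

```python
# Added example: textbook RSA with toy primes (constructed values, no padding).
# Helper names are hypothetical; this illustrates the key relationship only.
from math import gcd

MESSAGE = "The quick sane human jumped away from the lazy bear"

def make_keypair(p, q, e=17):
    """Return (public, private); each key is an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # private exponent d = e^-1 mod phi

def apply_key(key, blocks):
    """Encrypt or decrypt: raise every block to the key's exponent mod n."""
    exp, n = key
    return [pow(b, exp, n) for b in blocks]

def to_blocks(text):
    return list(text.encode())            # one byte per block, each < n

def from_blocks(blocks):
    """Return the text, or None when the blocks are not valid bytes/UTF-8."""
    try:
        return bytes(blocks).decode()
    except ValueError:                    # includes UnicodeDecodeError
        return None

public, private = make_keypair(61, 53)    # the recipient's key pair
_, thief_private = make_keypair(89, 97)   # an unrelated pair (the fish thief)

# Uses 1 and 2: anyone encrypts with the public key, only the private key decrypts.
to_me = apply_key(public, to_blocks(MESSAGE))
read_by_me = from_blocks(apply_key(private, to_me))
wrong_key = from_blocks(apply_key(public, to_me))   # same key twice: gibberish

# Use 3: encrypt with the private key, anyone checks with the public key.
from_me = apply_key(private, to_blocks(MESSAGE))
checked = from_blocks(apply_key(public, from_me))
forged = apply_key(thief_private, to_blocks(MESSAGE))
forged_checked = from_blocks(apply_key(public, forged))  # does not match

if __name__ == "__main__":
    print(read_by_me, wrong_key, checked, forged_checked, sep="\n")
```

Real systems use padded encryption and dedicated signature schemes rather than raw exponentiation; the example only shows how the two keys relate.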