Public key encryption
Public key encryption is a cryptographic system that uses two keys - a public key that is potentially known to everyone and a related private key that is known only to one party in an exchange of information.
- It is not feasible to deduce the value of the private key from the public
key, nor the public key from the private key.
While the private key must be stored securely, and not made known to anyone but its owner, the public key can be made freely available to any user, with no risk of compromising the security of the private key.
- Information encrypted using the public key can be decrypted only with
the private key.
Information can be encrypted by any user, and sent securely to the holder of the private key: data encrypted with the public key is readable by only the holder of the private key.
- Information encrypted using the private key can be decrypted only with
the public key.
Only the holder of the private key can encrypt information that can be decrypted with the public key. Any party can use the public key to read the encrypted information; however, data that can be decrypted with the public key is guaranteed to originate with the holder of the private key.
Knowledge of a public key does not guarantee the identity of the owner of the corresponding private key, and so encryption of information with a public key cannot, on its own, prevent encrypted information falling into the wrong hands. Before a public key can be safely used to encrypt or decrypt information, the identity of the holder of the private key must be assured. This assurance is provided by a digital certificate which binds the public key to the identity of the private key's owner.