All encryption systems rely on the concept of a key. A key is the basis for a transformation, usually mathematical, of an ordinary message into an unreadable message. For centuries, most encryption systems have relied on private key encryption. Public key encryption is the only challenge to private key encryption that has appeared in the last 30 years.
Private key encryption is also called symmetric encryption because the same key is used to encrypt and decrypt the message.
Public key encryption uses a pair of mathematically-related keys. A message that is encrypted with the first key must be decrypted with the second key, and a message that is encrypted with the second key must be decrypted with the first key.
Each participant in a public key system has a pair of keys. One key is nominated as the private key and is kept secret. The other key is distributed to anyone who wants it; this key is the public key.
Anyone can encrypt a message by using your public key, but only you can read it. When you receive the message, you decrypt it by using your private key.
Similarly, you can encrypt a message for anyone else by using their public key, and they decrypt it by using their private key. You can then send the message safely over an unsecured connection.
Public key encryption is also called asymmetric encryption, because the same key cannot be used to encrypt and decrypt the message. Instead, one key of a pair is used to undo the work of the other.
With symmetric key encryption, beware of stolen or intercepted keys. In public key encryption, where anyone can create a key pair and publish the public key, the challenge is in verifying the identity of the owner of the public key. Nothing prevents a user from creating a key pair and publishing the public key under a false name. The listed owner of the public key cannot read messages that are encrypted with that key because the owner does not have the corresponding private key. If the creator of the false public key can intercept these messages, that person can decrypt and read messages that are intended for someone else. To counteract the potential for forged keys, public key systems provide mechanisms for validating public keys and other information with digital certificates and digital signatures.
PKI is an infrastructure that uses public key technology to allow applications to interact securely. PKI uses public key encryption to provide privacy. In practice, only a small amount of data is encrypted in this way. Typically, a session key is used with a symmetric algorithm to transmit the bulk of the data efficiently.
In business transactions, trust is even more important than privacy. PKI uses the private key to allow an application to sign a document. For the recipient to authenticate the sender, it needs a reliable way to obtain the public key for the sender. This public key is provided in the form of a digital certificate, which is mediated by a trusted third party certificate authority (CA).