Public key and private key: how they work and differ




But if you’re using two separate keys — one to encrypt data and the other to decrypt it — then you’re using asymmetric encryption (public key encryption). The keys are known as the public key (encryption key) and the private key (decryption key).


As we pointed out earlier, there are two separate keys involved in public key cryptography. Imagine a vault that has two separate keys. One can lock the vault, but the same key can’t open it. This means you’d need a different key to unlock the vault. In public key cryptography, it’s much the same way: there are two keys — one that can encrypt the data and the other that can decrypt it. These keys are separate yet mathematically related to each other. That’s because they’re generated using an asymmetric algorithm that binds the public key to the private one.

To learn more about the differences between them, be sure to check out this article on the differences between asymmetric vs symmetric encryption.

What Is a Public Key and How Does It Work?

Within public key infrastructure, the public key encrypts the data. It’s known as the public key because it can be openly distributed, and anyone can use it for encryption. As soon as the data is encrypted using a public key, you can neither recover nor guess the original content of the data from the ciphertext, nor can you use the same key (i.e., the public key) to unlock it.

Your public key is generated using complex asymmetric encryption algorithms. The length of the public key depends upon the algorithm it is made with. In general, the key size varies from 128 bits to 4096 bits. The Certificate Authority/Browser Forum (CA/B Forum) provides guidance for the ideal minimum public key size. For example, based on the CA/B Forum’s current guidelines, all CAs shall confirm that:

- the RSA public key is at least 2048 bits, or
- one of the following ECDSA curves is used: NIST P-256, NIST P-384, or NIST P-521.

An RSA public key looks like this:

Private key vs public key graphic: This screenshot of an RSA 2048-bit public key is an example of what a public key looks like.

The mathematical algorithms used to create the public key (and private key) are:

- ElGamal
- Digital signature algorithm (DSA)

So, what is the difference between an RSA public key and an ECC one? The key sizes, for one. RSA keys are significantly larger than ECC keys, yet ECC keys are just as strong. Second, the keys are calculated in different ways. An RSA public key is the product of two massive prime numbers together with a smaller number (the public exponent), whereas an ECC public key is a specific point on an elliptic curve, computed from the private key.

What Is a Private Key and How Does It Work?

This key can decrypt ciphered data (i.e., encrypted data). Each public key has a corresponding private key. All the pairs of public and private keys are unique. The private key must be kept secret by the owner (i.e., stored safely on the authorized device or non-public-facing server). For SSL/TLS certificates, you generate your private key as part of the key pair that gets created with your certificate signing request (CSR). This means that even the certificate’s issuing CA doesn’t get to see or have access to your private key.

Because your key is secret, it means that you need to keep it safe and know where it is at all times. If your private key becomes lost, then you’ve got your work cut out for you and will need to re-issue your certificate.

As you can imagine, it’s almost impossible to guess a private key from its corresponding public key because it’s generated with strong entropy (randomness). As such, it would take even a modern supercomputer thousands of years to crack a private key via a brute force attack. Thus, no one can decrypt the data except the authorized device where the private key is stored.

A private key looks like this:

An RSA private key example in public key cryptography.

A Quick Overview of the Differences: Public Key vs Private Key

Looking for a quick visual to help you see the differences between a public key and private key? Then look no further:

| Public Key | Private Key |
| --- | --- |
| Can be openly distributed | Must be kept a secret |
| Used for encryption | Can be used for decryption in asymmetric encryption, or encryption AND decryption in symmetric encryption |
| Authenticates a digital signature signed with the corresponding private key (when used in certificate pinning) | Creates the digital signature (encrypting the hash) |
| Stored inside digital certificates, outgoing emails, and executables | Stored in authorized devices and non-public-facing servers |

Public Key vs Private Key: Their Roles in Data Privacy and Security

When you want to protect data while it’s in transit or at rest, public key cryptography comes in handy. One endpoint encrypts the data using the recipient’s public key and sends it. The recipient decrypts it by using the corresponding private key. If anyone else in the middle intercepts the data, they can’t unlock, read, or otherwise interpret it without the private key.

Hence, asymmetric encryption protects the plaintext data from being exposed due to:

- Man-in-the-middle attacks,
- Data leaks, and
- Data theft.

Just to quickly clarify — asymmetric encryption doesn’t stop these types of attacks, data leaks, or theft from taking place. What it does do is stop anyone from being able to read and access the unencrypted/plaintext data. Without the corresponding private key to decrypt the data, all the bad guys will see is gibberish.

A classic example of how to think of a public key and private key is to consider your email address and password. Your email address, in this case, represents a public key, which is available to the general public, and anyone who has access to it can send you an email. But only the password holder (i.e., you) can open and read the emails the account contains. Here, the password serves as a type of private key.

All public key and private key pairs are unique. If you’re signing up for a new user ID on a website or application, the system notifies you if your selected user ID is already in use. You must have a unique pair of a user ID (which can be an email, phone number, ID card number, etc.) and password.

SSL/TLS Certificate

In the same way, the SSL/TLS certificate protects the data transfer between a browser and the website’s server using public key cryptography. The website owner installs an SSL certificate on their website and relies on the unique set of public and private keys for that certificate. There are millions of sites using SSL/TLS certificates. But none of them have the same key pairs.

When a website visitor tries to open a website, their web browser engages in a process with the website’s server that’s known as a TLS handshake. As part of this process, the browser (client) generates a random pre-master secret, encrypts it using the server’s public key, and sends it to the server. The server decrypts the pre-master secret using the corresponding private key and uses it to compute a symmetric session key.

All the data transferred between a user and a website for the rest of the session is encrypted using the session key — meaning that it’s transmitted via symmetric encryption. No intruder can recover the session key without the server’s private key. It’s this initial use of public key cryptography that makes it possible to exchange session keys and then engage in symmetric encryption for the rest of the session. This process protects data transmissions between a website and its visitors.

Public key cryptography is also used in the following digital certificates to protect the data:

Public Key vs Private Key in Identity Verification

Another usage of a public key and the private key is identity verification and digital signatures.

In digital signatures, the sender creates a digital signature using a private key. The recipient verifies the authenticity of the signature with the sender’s public key. No one can modify, copy, or delete the digital signature except the private key holder (i.e., the authorized sender). Digital signatures, with other measures, give assurance about the sender’s identity and the integrity of the data.
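To make the relationship between the two keys concrete, here is an added example (not code from the original article) of textbook RSA in Python: a key pair generated from two random primes, encryption with the public key and decryption with the private key (the role the pre-master secret plays in the TLS handshake above), and signing a SHA-256 digest with the private key so that anyone holding the public key can verify it. It deliberately omits the OAEP/PSS padding that real deployments need, so it illustrates the math rather than serving as a drop-in library; the default key size follows the 2048-bit RSA minimum quoted from the CA/B Forum.

```python
import hashlib
import random
def is_probable_prime(n, rounds=32):
    # Miller-Rabin test; 32 random bases leave a negligible chance of a false positive
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:  # write n - 1 as 2**r * d with d odd
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness that n is composite
    return True

def generate_keypair(bits=2048):
    # Returns ((n, e), (n, d)): the public and private key, bound by the secret primes p and q.
    e, primes = 65537, []
    while len(primes) < 2:  # top bit set so n has the intended length, low bit set so it is odd
        cand = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if is_probable_prime(cand) and cand not in primes and (cand - 1) % e:
            primes.append(cand)
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d = e**-1 mod phi (needs Python 3.8+)

def encrypt(public_key, message):  # anyone holding the public key can run this
    n, e = public_key
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "textbook RSA: the message must be smaller than the modulus"
    return pow(m, e, n)

def decrypt(private_key, ciphertext):  # only the private key holder can recover m
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(private_key, message):  # "encrypting the hash" with the private key
    n, d = private_key
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(public_key, message, signature):  # anyone with the public key can check it
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")
```

A tampered message or a tampered signature makes `verify` return False, which is the integrity guarantee the paragraph above describes.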

E-Mail Signing Certificates

When you install an S/MIME certificate on your email client, it generates a unique pair of public and private keys. It stores the private key on your device and sends the public key with all outgoing emails. You can digitally sign your emails using the private key stored on your device. The recipients receive the email along with the public key, which they use to verify the signature. It gives the recipients assurance about the email sender’s identity.

A digitally signed email looks like this:


Code Signing Certificates

These certificates are used by software publishers to sign executable software, scripts, drivers, and applications. After completing a piece of software, the developer digitally signs it using their private key. Whenever users try to download the software, their devices receive the software publisher’s public key to verify the signature.

At the time of downloading, a security window pops up. If the digital signature is valid, the dialogue box shows the publisher’s name in it. If there is no digital certificate, the publisher’s name will be shown as “unknown.” A code signing certificate gives assurance to the users that the software is coming from a verified publisher.

A side-by-side comparison of what it looks like to end users who download your software when you do or don’t use a code signing certificate.

As you can see in the screenshot above, the security dialogue box is showing “Microsoft Corporation” in the verified publisher’s field. It is Microsoft’s digital signature that no one can modify, change, replicate, or remove. A third-party certificate authority conducts a rigorous verification process before granting a code signing certificate to a publisher.

Public Key vs Private Key in Two-Way Authentication

The public key and private key are also useful for two-way authentication, or what’s known as client authentication. Organizations don’t want any outsiders to access their intranet websites, development and testing sites, and some resources made strictly for internal usage. In the same way, some sensitive internal emails shouldn’t be opened by outsiders. In this situation, the private key and public key help to provide two-way authentication.

Some certificates (like “two-way SSL/TLS certs,” or what are known as personal authentication certificates or client authentication certificates) can be installed on employees’ office devices to enable two-way authentication where the server can verify the client. (With traditional SSL/TLS certificates, for example, it’s typically one-way authentication in that the client authenticates the server, not vice versa.)

Example: Suppose Alice and Bob are working for an organization with email signing certificates installed on their email clients. When Alice sends an email to Bob, she uses Bob’s public key to encrypt the email and her private key to sign it. When Bob receives the email, he decrypts it using his private key and verifies the signature using Alice’s public key. No one else can open and read the email content because they don’t have Bob’s private key.

Personal Authentication Certificate: In the same way, personal authentication certificates (client certificates) are installed on the employees’ company devices (desktops, laptops, and even smartphones). Both the client and server have a set of a public key and private key. When employees try to open the website, the traditional TLS handshake process takes place first, where the server presents its SSL/TLS certificate, and the client authenticates it. After that, the client also provides its certificate for the server to authenticate.

Let’s understand this process a bit better with another example:

John is a remote software developer working for XYZ corporation. The company has developed an intranet website, which only employees can access. XYZ has provided a laptop to John for office work, on which a client certificate is installed. Whenever John tries to open the intranet website, his browser checks the website’s SSL/TLS certificate as part of the TLS handshake process.

As part of the handshake, John’s device needs to present its certificate, which the website’s server authenticates. Only once this process is complete can John access the intranet site. In this way, John can’t access the intranet site from any device other than his office laptop.

Wrapping Up on Public Key vs Private Key

Encryption comes in two types: symmetric and asymmetric. In symmetric encryption, there is only one key needed for encryption and decryption. That key must be kept secret by all endpoints and users. Key distribution and key management are challenges, and the chances of the key being compromised increase when a large number of endpoints are involved.

Asymmetric encryption (public key cryptography), on the other hand, is more secure when using large keys with strong entropy. That’s because two keys are involved (i.e., the public key and private key). The major difference between them is that the public key encrypts data whereas the private key decrypts it. Also, you can distribute public keys freely to many endpoints without worrying about security compromise. But the private key is a precious treasure that must be protected at any cost.

We hope this article has helped you to understand public key vs private key and their usage in public key cryptography.