An encryption method for transmitting data that uses key pairs, comprising one private and one public key. Public key cryptography is "asymmetric encryption" because both keys are not equal. A huge cryptographic breakthrough in the late 1970s, the Rivest-Shamir-Adleman (RSA) method is the example of public key cryptography. See
RSA and
cryptography.
Two Purposes - Encrypt and Authenticate
To encrypt a message before transmiting it, the recipient's public key is used. That means the sender must obtain the recipient's public key, which is made freely available. To decrypt at the other end, the receiver's private key is used.
The exact opposite is done to ensure the message has not been altered. Senders encrypt their content with their private keys, and if their freely available public key is able to successfully decrypt the message, it is verified to originate from only one entity, the owner of the key pair. This method is used in the passwordless FIDO system to authenticate users (see
FIDO). See
digital signature.
The World of Crypto
Blockchain-based cryptocurrencies are based on this method because crypto payments are digitally signed by senders using their private keys and verified by receivers using their public keys. See
crypto keys.
Send Only the Secret Key
Although public key cryptography uses a private key that must be kept secret, it is not "secret key cryptography," which is the traditional method that uses the same key at both ends. Secret key cryptography decrypts faster than the public key method, but the problem is initiating the process by getting the secret key "secretly" to the receiving end. The problem is solved by using public key cryptography to send only the secret key, not the data. See
cryptography.
She Authenticates and Encrypts in One Transmission
To ensure her message is not tampered with, she creates a "digital signature" of the message by computing a digest of her message and encrypting it with her private key. She then encrypts the "signed message" with his public key and sends it. Using his private key, he decrypts the message and signature. Using her public key, he decrypts the signature into the original digest and then computes a brand new digest from the message body. If his newly computed digest is the same as her digest, the message has not been altered.