1 point by manessi 8 months | flag | 1 comment
manessi 8 months | flag

Shamelessly copy-pasting an ELI5 from Reddit on how private/public key work. Nothing fancy once explained :)
https://www.reddit.com/r/explainlikeimfive/comments/1jvduu/eli5_how_does_publicprivate_key_encryption_work/
---
The basis is really simple:

Imagine you have a computer program that will allow you to encrypt a text file or digital document by using either one of two passwords, so that once you freely choose any one of the two passwords for encrypting, then decryption can only be performed by using the other password. That is: you can't both encrypt and decrypt by using the same password; once you use one of the two possible passwords for encryption, then you can only decrypt by using the other password you did not use for encrypting.

This is all the technical basis you need.

But why is this technical basis so useful?

If we use intelligently that previous technical stuff, then we can get a nice security system working.

This is the trick: you keep one of the two passwords as a secret password only you know and no one else knows; this is called your "private key". And you let the other password be known by everybody; this will be your "public key".

Thanks to this, you can nicely perform two interesting tasks:

a) You can RECEIVE (not send) information in a secure manner: since everybody knows your public key, then they can encrypt any information they want to send to you by using your public key. Since the information has been encrypted by using your public key, then it can only be decrypted by using your private, secret key; and since you are the only one who knows your own private key, then you are the only person who will be able to decrypt the information that was sent to you. (If you want to SEND information to other people in a secure manner, then you'll have to know those people's respective public keys, and use these public keys for encrypting).

b) you can SEND information in such manner that you can absolutely prove that information was sent by YOU: if you want to send a certain information and you encrypt it by using your PRIVATE, SECRET key, then everybody will be able to decrypt and read that information, because the information will be decryptable by your public key and everybody knows your public key. So your information is not protected against reading, but, since it is decryptable by your public key, then it is a complete proof that the information was encrypted by your private, secret key. And since you are the only person who knows your own private, secret key, then it gets perfectly proven that the information was encrypted by you and no one else. This is why encrypting by using your own private key is also known as "digitally signing" the information you send.