A public key is half of an encryption key pair, the other half
being a private key. Using asymmetric encryption, whatever
one key in such a pair encrypts, the other -- and only the other -- can
decrypt, and vice versa. In this system, what a given key encrypts,
that same key cannot decrypt; only the matching key can decrypt it.
Normally one key of the pair is made public, i.e., shared with
others, while the other is kept strictly private; hence the keys are
called private and public. The creation and management of private and
public key pairs is called a public key infrastructure,
or PKI for short.
Use of private and public key pairs allows for various logical
functions, such as:
- Digital signatures -- calculate a checksum of some
text and encrypt it using the private key. Send the result of the
calculation along with the original text. Anyone with access to
the public key of the signing party can verify that it was, indeed,
that party who signed the text and that it was the provided text
that was signed.
- Private and tamper-proof communication -- encrypt text
using the recipient's public key. That way, only the recipient
can decrypt it.
- Identification -- one party asks another party to
encrypt some text using its private key and return the result.
If the returned text can be decrypted using that party's public
key, then it is indeed that party who encrypted it.