Eli5: when something is digitally encrypted, how does the receiver get a key to open it without having to send the key with the original information?
In: Technology
there are two types of crypto:
-symmetric where the same key encrypt and decrypt stuff, so for those you need to pre-share the key over a secure channel, for example you meet in person and exchange the key just once and then you exchange message remotely forever.
-asymmetric: one key encrypt, another different one decrypt (think about sending to a friend an opened safe, he can insert stuff, close it and send back it to you but he or anyone can’t open it because he doesn’t know the code) so you can publish over the internet the one that encrypt stuff (public key) so that everyone can encrypt messages but only you have the other key that decrypt (private key).
a eli5 description of asymmetric encryption is this one: [https://en.wikipedia.org/wiki/Merkle%27s_Puzzles](https://en.wikipedia.org/wiki/Merkle%27s_Puzzles) basically you make many simple puzzles that when solved show a something, you send all of them to another person, they get intercepted and duplicated, the person solve 1 random puzzle and send you the secret message on the puzzle, now you both know a secret number: which puzzle was solved
for example:
puzzle number 1: when solved display “hello”
puzzle number 2: when solved display “asdfg”
puzzle number 3: when solved display “abcd”
the other side solve one random and send you “asdfg” (which gets intercepted too but it doesn’t matter) so now you both have shared a secret: “2” because even if someone intercepted the whole thing he needs to solve all puzzles to find out that “asdfg” was puzzle 2 while the guy that solved just 1 random puzzle he already knows that he picked the second one and you that are the author created all those puzzles so you know which is the second, this is an eli5 and it’s unsafe but it’s possible with math to create problems simple to create but hard to solve.
there are more problems:
-for exmaple what if in the asymmetric example one attacker instead of intercepting everything also replace your public key with his one?
the way this is solved in real world is PKI: public key infrastructure, to keep it simple when you buy a pc it already have some keys inside that are trusted and those keys are used to generate more keys by trusted people.
Latest Answers