You don’t send secret messages encrypted with your private key. You ask the receiver if the message for his public key and use that key to communicate with him. 

You wouldn’t encrypt with your private key to keep the message secret. Encrypting with your private key is ‘signing’ the message as you said anyone can decrypt it, but people would know it could only have come from you. What you end up doing is encrypting twice. Once with the receivers public key so only they can decrypt it and once with your private key so they know that it came from you.

Great question!

The vice-versa in #3 is critical. You can encrypt something with a public key, and then only the corresponding private key can decrypt it.

Let’s use the names that are traditionally used in cryptography: Alice and Bob want to communicate, and Eve (for eavesdropper) wants to listen in.

Assume Alice and Bob have published their public keys. Anyone knows them.

The simplest answer is that Alice can encrypt a message using Bob’s public key. Now only Bob can decrypt it. Not even Alice can decrypt it!

Bob replies by encrypting a message with Alice’s public key. Only Alice can decrypt it.

If Eve intercepts any of these messages, she can’t decrypt any of them.

In practice, this would work but it’s expensive (slow to compute). Instead, what happens is that Alice and Bob use their public/private key pairs to generate a temporary shared secret. That shared secret becomes an encryption key that both of them know, but nobody else knows. For the duration of that conversation, they both encrypt and decrypt using that single key, which is fast and efficient. Then they throw it away.

You might [find this video](https://youtu.be/YEBfamv-_do) to be informative. It explains asymmetrical key exchange using colors, which helped me understand the concept better.

When it comes to asymmetric encryption you need two things to happen for it to work. You need to be able to encrypt a message AND make sure the message comes from the correct person.

Each person has two keys for the encryption. A private key and a public key. They are complimentary of one another. This means that you can use a public key to decrypt a private key and a private key to decrypt a public key.

For asymmetric encryption to work everyone needs to know each others public key and no one can know someone’s private key.

When it comes to sending an encrypted message you first need to pass the message through the recipients public key and then through your private key. This means that on the other end they can use your public key and then the private key to make sure the message received comes from you and only you and that only they can decrypt the message as only they have their private key.

Now the way this encryption method is commonly done is by using the RSA algorithm. This method uses two LARGE prime numbers as the keys. The private key is the two numbers. Whilst the public key is the two numbers multiplied together. The RSA method is typically only used for the initial contact. This is due to the RSA algorithm becoming very very slow when you send a large message.

I’m going to use a “13 hour clock” for the demonstration. Cryptography uses interesting properties of prime numbers. Also they use really large numbers, so it’s not feasible to try all of them, as it would be in my example.

First of all notice that 2×7=14=1 on a 13 hour clock. These numbers come in pairs and there’s no way to find the pair except by trying all the numbers.

That means if you take any number, multiply it by 7 and then by 2, you get the original number back.

So the 7 is the public key which I tell people about. The 2 is the private key I keep to myself.

So any number you want to secretly pass to me you multiply it by 7. Let’s say you want to tell me “5” (the “plain text”) but you’re afraid Eve is going to intercept and secretly read the letter before it gets to me. Or we are in a room with lots of people so they will hear you tell me.

I tell you and anyone else listening my public key is 7.

5×7 = 35 = 9 so you tell me “9” (the cipher text)

Anyone who sees that won’t know what the original number was. However I use my private key of 2:

9×2 = 18 = “5” on a 13 hour clock.

So anyone can know the public key and the cipher text, but can’t decode the message, unless they know the private key.

The best analogy is me sending you an open lock. Anyone can see the lock, but only I have the key to open it. You can put something in a box and lock it and send it to me.

Yes this only works in one direction but I can use your (different) public key to send you a encrypted messages as well.

There is a challenge on top of this; how do I know it’s really you giving me the key? It might be a secure key but from an impersonator. That’s where things like certificates and trusted authorities come into play.

The best one I heard was, imagine you and your friend are painting and you want to get to a specific green colour. You can only achieve this by mixing a specific ratio of blues and yellows. You only have blue and yellow paint. You know they have blue paint (that information is public), you also know that your friend has yellow paint (but that information is not public) so you tell your friend to mix his blue with his yellow. If the green that shows up is the same as the green that you have, you know it’s your friend and you can trust him to keep painting with you.

An important point: “messages” are actually encrypted with traditional symmetric keys.

Asymmetric (public key) encryption is only used for authentication (proving who you are) and key exchange, ie secretly sending an old-style “session” key. (simplified of course)