I understand that:
1. A pair public/private key is used
2. Public key can be shared publicly, but private one is never shared
3. Something encrypted with the private key can only be decrypted with the respective public key and vice-and-versa
4. Private key can be used to confirm authenticity of the message
The thing I don’t understand is how it allows a secure communication between to parties, since anyone with the public key can decrypt at least one side of the communication (i.e. the messages encrypted with the private key).
In: Technology
An important point: “messages” are actually encrypted with traditional symmetric keys.
Asymmetric (public key) encryption is only used for authentication (proving who you are) and key exchange, ie secretly sending an old-style “session” key. (simplified of course)
Latest Answers