I understand that:
1. A public/private key pair is used
2. Public key can be shared publicly, but private one is never shared
3. Something encrypted with the private key can only be decrypted with the respective public key and vice versa
4. Private key can be used to confirm authenticity of the message
The thing I don’t understand is how it allows secure communication between two parties, since anyone with the public key can decrypt at least one side of the communication (i.e. the messages encrypted with the private key).
I’m going to use a “13 hour clock” for the demonstration. Cryptography uses interesting properties of prime numbers. Also they use really large numbers, so it’s not feasible to try all of them, as it would be in my example.
First of all notice that 2×7=14=1 on a 13 hour clock. These numbers come in pairs and there’s no way to find the pair except by trying all the numbers.
That means if you take any number, multiply it by 7 and then by 2, you get the original number back.
So the 7 is the public key which I tell people about. The 2 is the private key I keep to myself.
So any number you want to secretly pass to me you multiply it by 7. Let’s say you want to tell me “5” (the “plain text”) but you’re afraid Eve is going to intercept and secretly read the letter before it gets to me. Or we are in a room with lots of people so they will hear you tell me.
I tell you and anyone else listening my public key is 7.
5×7 = 35 = 9 so you tell me “9” (the cipher text)
Anyone who sees that won’t know what the original number was. However I use my private key of 2:
9×2 = 18 = “5” on a 13 hour clock.
So anyone can know the public key and the cipher text, but can’t decode the message, unless they know the private key.
The best analogy is me sending you an open lock. Anyone can see the lock, but only I have the key to open it. You can put something in a box and lock it and send it to me.
Yes, this only works in one direction, but I can use your (different) public key to send you encrypted messages as well.
There is a challenge on top of this; how do I know it’s really you giving me the key? It might be a secure key but from an impersonator. That’s where things like certificates and trusted authorities come into play.
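The 13 hour clock exchange from the answer above, run in both directions, as an added example that is not part of the original answer. The second key pair (3 and 9) and all function names are constructed for illustration; the last function goes beyond the answer to show why real schemes do not rely on plain multiplication.

```python
# Toy model of the "13 hour clock" scheme. Illustration only, not real cryptography.
CLOCK = 13  # the clock size used in the answer

def encrypt(plain, public_key, clock=CLOCK):
    """Sender multiplies the message by the receiver's public key."""
    return (plain * public_key) % clock

def decrypt(cipher, private_key, clock=CLOCK):
    """Receiver multiplies the cipher text by their own private key."""
    return (cipher * private_key) % clock

def is_key_pair(public_key, private_key, clock=CLOCK):
    """Two numbers are a pair when their product is 1 on the clock."""
    return (public_key * private_key) % clock == 1

def brute_force_private(public_key, clock=CLOCK):
    """On a small clock an eavesdropper can simply try every number."""
    for candidate in range(1, clock):
        if is_key_pair(public_key, candidate, clock):
            return candidate
    return None

def computed_private(public_key, clock):
    """Partner number computed directly (Python 3.8+), even on a huge clock.
    Real schemes such as RSA use harder math than multiplication for this reason."""
    return pow(public_key, -1, clock)

ME = {"public": 7, "private": 2}   # key pair from the answer
YOU = {"public": 3, "private": 9}  # constructed second pair: 3*9 = 27 = 1

def two_way_exchange(msg_to_me, msg_to_you):
    """Each direction uses the receiver's public key, so neither private key
    ever leaves its owner and nothing is encrypted with a private key."""
    sent_to_me = encrypt(msg_to_me, ME["public"])
    sent_to_you = encrypt(msg_to_you, YOU["public"])
    return {
        "on_the_wire": (sent_to_me, sent_to_you),
        "i_read": decrypt(sent_to_me, ME["private"]),
        "you_read": decrypt(sent_to_you, YOU["private"]),
    }

if __name__ == "__main__":
    print(two_way_exchange(5, 11))
    print("found by trying every number:", brute_force_private(ME["public"]))
```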