I understand that:
1. A public/private key pair is used
2. Public key can be shared publicly, but private one is never shared
3. Something encrypted with the private key can only be decrypted with the respective public key and vice versa
4. Private key can be used to confirm authenticity of the message
The thing I don’t understand is how it allows secure communication between two parties, since anyone with the public key can decrypt at least one side of the communication (i.e. the messages encrypted with the private key).
Great question!
The vice-versa in #3 is critical. You can encrypt something with a public key, and then only the corresponding private key can decrypt it.
Let’s use the names that are traditionally used in cryptography: Alice and Bob want to communicate, and Eve (for eavesdropper) wants to listen in.
Assume Alice and Bob have published their public keys. Anyone knows them.
The simplest answer is that Alice can encrypt a message using Bob’s public key. Now only Bob can decrypt it. Not even Alice can decrypt it!
Bob replies by encrypting a message with Alice’s public key. Only Alice can decrypt it.
If Eve intercepts any of these messages, she can’t decrypt any of them.
In practice, this would work but it’s expensive (slow to compute). Instead, what happens is that Alice and Bob use their public/private key pairs to generate a temporary shared secret. That shared secret becomes an encryption key that both of them know, but nobody else knows. For the duration of that conversation, they both encrypt and decrypt using that single key, which is fast and efficient. Then they throw it away.
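As an added example (not part of the answer above), here is the "temporary shared secret" step sketched with Diffie-Hellman key agreement, a technique the answer does not name and which is assumed here, using only Python's standard library. The group parameters, function names and SHA-256 keystream are constructed for illustration; real protocols also sign the exchanged public values with the long-term keys so that Eve cannot substitute her own.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: P = 2**255 - 19 is prime but far too small for
# finite-field Diffie-Hellman in production; use X25519 from a vetted library.
P = 2**255 - 19
G = 2

def keypair():
    """Fresh (private, public) pair for one conversation."""
    priv = secrets.randbelow(P - 3) + 2  # uniform in 2 .. P-2
    return priv, pow(G, priv, P)

def session_keys(my_priv, their_pub):
    """Mix my private value with the peer's public value into (enc_key, mac_key)."""
    if not 1 < their_pub < P - 1:  # 0, 1 and P-1 would force a predictable secret
        raise ValueError("invalid public value")
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    return (hmac.new(shared, b"enc", hashlib.sha256).digest(),
            hmac.new(shared, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    """SHA-256 in counter mode: a stand-in for a real cipher such as AES-GCM."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(keys, plaintext):
    """Encrypt then MAC with the session keys; returns (nonce, ciphertext, tag)."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce, ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_(keys, nonce, ct, tag):
    """Verify the tag in constant time, then decrypt."""
    enc_key, mac_key = keys
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message was modified or the key is wrong")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    a_priv, a_pub = keypair()   # Alice sends a_pub in the clear
    b_priv, b_pub = keypair()   # Bob sends b_pub in the clear
    box = seal(session_keys(a_priv, b_pub), b"hello Bob")
    print(open_(session_keys(b_priv, a_pub), *box))
```

Eve sees `a_pub`, `b_pub` and the sealed message, but without either private value she cannot compute the same session keys.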