PublicKey
Encryption
Remember how in the previous section you needed to find a secure way
to send your Symmetric Key to the recipient of your message?
PublicKey Encryption solves the keydistribution problem!
Step 1: Generate a Key Pair
Generate a pair of matched keys by pressing the button below.
You will get a Public Key and a Private Key.
You will keep the Private Key to yourself. Unlike the Symmetric Key
of the previous section, you never send your Private
Key to anyone! The Public Key, however, can be seen by anyone.
Record these two keys in a safe place.
Public and Private Keys are unusual: any message that is encrypted
with one of them can be decrypted with the other. However
neither key acts like a Symmetric Key. That is, a message
never can be decrypted using the same key that
encrypted it.
These keys are used differently depending on what you want to do.
You can send a secure message, or you can sign a message. While
deciding which key to use for what, remember what I just said,
"You never send your Private Key to anyone!"
When encrypting and signing, you need to consider the order.
Let's look at all of the possibilities.
Step 2a: (Optional) Sign a Message
Before sending a message, you may want to sign it.
By signing a message you are proving to your recipient that the
message has come from you. You sign plaintext by
encrypting it using your Private Key.
How is this secure? Anyone can get your Public Key and decrypt the
ciphertext! Yes, and that's the point. Signing a message does not
protect it.
After you sign a message with your Private Key,
anyone can show that the message must have been signed by you
because they can decrypt it using only your Public Key.
Step 2b: Encrypt a Message
When sending a message to someone, encrypt it using their Public Key.
Remember that a message never can be decrypted using the same key that
encrypted it, and so once a message is encrypted with someone's
Public Key, it can be decrypted only using the matching Private Key.
Send the ciphertext to your recipient.
They will follow Step 3 to decrypt the ciphertext.
Step 3a: Decrypt a Message
Did you just receive a message from someone else? Then follow this step.
If you are sending a message, then follow the steps 2a and 2b instead.
The sender already has encrypted the message
using your Public Key, and so you decrypt it using your
Private Key.
If you still can't read the decrypted message, it may be signed.
So go to the next step.
Step 3b: (Optional) Verify a Signature
Someone claims that they have sent you a message? Confirm their
signature by decrypting the message using their Public Key.
Realize that when we say we "verify a signature,"
really we are removing a
layer of encryption from the entire message. There is no
separate signature appended to the message—a signature
in the form of encryption has been applied to the entire message.
