Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the ciphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private. If the lock/encryption key is the one published, then the system enables private communication from the public to the unlocking key’s owner. If the unlock/decryption key is the one published, then the system serves as a signature verifier of documents locked by the owner of the private key. In this latter case, since encrypting the entire message is relatively expensive computationally, in practice just a hash of the message is encrypted for signature verification purposes.
This cryptographic approach uses asymmetric key algorithms, hence the more general name of “asymmetric key cryptography”. Some, but not all, of these algorithms have the public key/private key property: neither key is derivable from knowledge of the other. Those with this property are particularly useful and have been widely deployed, and are the source of the commonly used name. The public key is used to transform a message into an unreadable form, decryptable only by using the (different but matching) private key. Participants in such a system must create a mathematically linked key pair (i.e., a public and a private key). By publishing the public key, the key producer empowers anyone who gets a copy of the public key to produce messages that only the key producer can read, because only the key producer has a copy of the private key (required for decryption). When someone wants to send a secure message to the creator of those keys, the sender encrypts it (i.e., transforms it into an unreadable form) using the intended recipient’s public key; to decrypt the message, the recipient uses the private key. No one else, including the sender, can do so.
Thus, unlike symmetric key algorithms, a public key algorithm does not require a secure initial exchange of one or more secret keys between the sender and receiver. These algorithms work in such a way that, while it is easy for the intended recipient to generate the public and private keys and to decrypt the message using the private key, and while it is easy for the sender to encrypt the message using the public key, it is extremely difficult for anyone to figure out the private key based on their knowledge of the public key. They are based on mathematical relationships (the most notable ones being the integer factorization and discrete logarithm problems) that have no known efficient solution.
The use of these algorithms also allows authenticity of a message to be checked by creating a digital signature of a message using the private key, which can be verified using the public key.
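The two uses described above (encrypting to a public key, and signing a hash with the private key) can be seen in the following sketch, which is an added illustration and not part of the original text. It uses textbook RSA with constructed toy primes and no padding, so it shows the key relationship only; the function names are illustrative, and real systems use large random primes with OAEP or PSS padding.

```python
import hashlib

# Constructed toy parameters (assumption for this example): two Mersenne primes.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Return (public, private) as (exponent, modulus) pairs linked via phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi); needs p and q
    return (e, n), (d, n)

def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can produce a ciphertext."""
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    """Apply a key's exponent to a ciphertext; only the private key inverts encrypt()."""
    x, n = key
    m = pow(ciphertext, x, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    # Hash first, so the expensive private-key operation runs on a short value.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message: bytes) -> int:
    d, n = private
    return pow(_digest(message, n), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"meet at noon"                          # constructed sample message
    c = encrypt(pub, msg)
    print("private key decrypts:", decrypt(priv, c) == msg)
    print("public key decrypts: ", decrypt(pub, c) == msg)
    sig = sign(priv, msg)
    print("signature valid:     ", verify(pub, msg, sig))
    print("tampered msg valid:  ", verify(pub, b"meet at nine", sig))
```

Applying the public key a second time does not undo the encryption, which is why the sender cannot read back their own ciphertext, and changing a single byte of the message makes verification fail.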
Public key cryptography is a fundamental and widely used technology. It is an approach used by many cryptographic algorithms and cryptosystems. It underpins such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP, and GPG.