Public Keys and Private Keys – CompTIA Security+ SY0-401: 6.1


Asymmetric encryption uses two different keys to provide a secure channel. In this video, you’ll learn how public keys and private keys can be used to encrypt data, create digital signatures, and create a secure symmetric key.



Asymmetric encryption is a foundation of this public key cryptography methodology. It’s one where we have a private key and a public key. And we’ve talked a lot about these keys. But let’s look at how they’re made.

Whenever we’re creating a key pair, even if it’s for a single person, we’re using a lot of mathematics to create the relationship between the public key and the private key. So we’re building them at exactly the same time. We’re using a lot of randomization. We’re using prime numbers. And a lot of math goes into this to create a public key that we could give to anybody in the world and a private key that we would keep private to ourselves.

If you were to look at the two keys, nothing about them looks the same. You would not be able to discern the public key if you had the private key, and vice versa. That is one of the things that makes this so powerful: there is this mathematical relationship between them, but from the outside they look very, very different. And it becomes very, very difficult to understand what might be encrypted unless you have the private key.

This relationship between the public key and the private key allows us to do some interesting things with digital signatures. Digital signatures are a way to confirm that information has gotten from point A to point B without anything changing. There’s non-repudiation associated with that as well.

The way this works is that, let’s say, Alice is creating a document that says, “I will pay $500.” And Alice is going to sign it with her private key. Obviously, nobody has access to that private key except for Alice. So we can be assured that the private key that signs this is something that’s unique to her.

Now Alice is going to send that to Bob. And that message obviously says I will pay $500. Bob looks at the signature at the bottom of this message and grabs Alice’s public key to verify that it really came from Alice.

Obviously, Bob doesn’t have access to Alice’s private key. But that’s OK. Everybody has access to Alice’s public key. It’s on public key servers. It might be on Alice’s website. It’s something you would like everyone to have available to them.

So Bob’s going to grab Alice’s public key and decrypt, or verify, that digital signature to confirm that it matches this particular message perfectly. If anything had been changed anywhere in the middle, Bob would have known it, because the signature would not have verified properly.

And that really allows us to do some very interesting things with non-repudiation. We can make sure that certain documents we’re sending across the network are not changed. They remain intact. And we can start combining this encryption process with the digital signature process to make sure that the integrity of the files we’re sending is preserved when they get to the other side.

This relationship between the public keys and the private keys also lets us use the math to build symmetric keys, and that can be done automatically behind the scenes without ever sending those symmetric keys across the network. The way this works is, for instance, Alice certainly has access to her private key. She’ll grab Bob’s public key, combine the two together, and create, through an algorithm, a shared secret key. This is a symmetric key that Alice could then use to encrypt other information and send it to Bob.

On the other side, Bob does the exact same thing. But, of course, he doesn’t have access to Alice’s private key. He does have access to his private key.

So he’ll grab Alice’s public key and his own private key. It’s the other side, the other half of the same two key pairs that Alice was using, run through the same algorithm. And look, it magically creates exactly the same key between those two.

So when Bob receives this message that has been encrypted with this symmetric key, he simply does the same algorithm to come up with exactly the same symmetric key. And now he’s able to decrypt the information on the other side. A very simple process to build that and one that you would not be able to do unless you had both this public and private key methodology.
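The two mechanisms described above, signing with a private key and verifying with the public key, and both sides deriving the same symmetric key from their own private key plus the other side’s public key, as an added example in Python that is not part of the video or its course materials. It uses textbook-sized RSA and Diffie-Hellman parameters constructed for illustration only; they are far too small to be secure, and real systems use a vetted library rather than this arithmetic.

```python
import hashlib

# Constructed toy parameters: two small primes for RSA and a Mersenne prime for DH.
# Real deployments use ~2048-bit moduli; these only make the math visible.
RSA_P, RSA_Q = 1000003, 1000033
DH_P, DH_G = 2**127 - 1, 5

def make_keypair(p: int = RSA_P, q: int = RSA_Q, e: int = 65537):
    """Build the public and private key at the same time from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)        # (public key, private key)

def digest(message: bytes, n: int) -> int:
    """Hash first, then reduce so the value fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Alice signs with her private key, which nobody else holds."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Bob verifies with Alice's public key; any change to the message fails here."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def dh_public(private: int) -> int:
    """Public value that is sent over the network; the private exponent never leaves the host."""
    return pow(DH_G, private, DH_P)

def dh_shared_key(my_private: int, their_public: int) -> bytes:
    """Own private key + other side's public key -> the same symmetric key on both ends."""
    shared = pow(their_public, my_private, DH_P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"I will pay $500"
    sig = sign(msg, priv)
    print("signature verifies:", verify(msg, sig, pub))                     # True
    print("tampered message verifies:", verify(b"I will pay $5000", sig, pub))  # False
    a, b = 123456789, 987654321          # constructed private values for Alice and Bob
    print("same key on both sides:",
          dh_shared_key(a, dh_public(b)) == dh_shared_key(b, dh_public(a)))  # True
```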