How Public Key Encryption Works
Public key encryption, sometimes called “public key cryptography”, is a method of encrypting your data so that only the people to whom you provide a key may access it. Aside from being a way to keep your data generally secure, it is also foundational to other technologies such as blockchains and digital certificates, so grasping the fundamentals of public key encryption can help you better understand those technologies as well.
Let’s ease into the concept of public-key encryption with an example. Suppose for a moment that almost every day you receive package deliveries from amazon.com. Each day, the delivery person leaves these packages on your doorstep while you are away at work. Recently, some of your packages have gone missing. You check in with both Amazon and the delivery service and they confirm that the packages were delivered which means that there is a thief intercepting your deliveries before you can get to them. So you build a little box with a padlock that is left unlocked each morning when you leave for work. You leave instructions for the delivery driver asking him to please place your items in the box and squeeze the padlock shut to secure them–no key required.
For a while, this goes well: each day you return from work and find your packages safely locked in the box. Then one day you receive a pair of shoes you’ve ordered, only to discover that Amazon mistakenly sent you the wrong size. Now you need to make a return. Amazon is happy to oblige and instructs you to leave the package on your porch for the delivery driver to pick it up the next day. They also let you know that your exchange or refund will only be processed after the returning pair of shoes is safely back in their warehouse. You have a problem here: if you place the box on your porch unsecured, the thief may be back to steal the package before the delivery driver picks it up, which would mean that not only do your shoes not fit correctly–you now have no shoes at all even though you paid for them! You can’t leave the shoes in the parcel box and lock it because the delivery driver does not have a way to unlock the padlock–only you have the key that can do that.
The solution is simple enough: you make an exact copy of your key to the padlock and leave it under your doormat for the delivery driver and then you send the driver a text message informing him that you have locked a return parcel in the box and that the key is under the doormat. That works. Your shoes are returned to Amazon, you get your refund, and things are going great until a few days later you arrive home from work to discover that your parcel box is unlocked and your deliveries for the day have been stolen again! The only way this could have happened is if the thief somehow got a copy of your key.
OK, let’s jump out of the example for a moment. By creating a copy of your key and handing it off to the delivery driver, you created an example of symmetrical encryption: you can lock the box, but anyone else having a duplicate of the key has the same access to the box as you (the level of access is symmetrical). If you have ever password protected a Microsoft Excel spreadsheet, and then shared the spreadsheet along with the password to unlock it with your colleagues, then you have used symmetrical cryptography and, as you may have had the misfortune of experiencing firsthand, the passwords for these spreadsheets tend to be slippery and ultimately find their way into the hands of the very people to whom you meant to block access.
Back to the example. Once you get over your indignation that the thief had the audacity to slip up to your porch, find the key, and make a copy of it while you were away at work, you realize that what you really need is a way for the delivery driver to lock your box with his key and for the box to stay locked until you unlock it with your own different key–a key that only you possess. So you alter your lockbox and give a new key to the delivery driver. When the driver places your packages in the box the next day, he turns his key to the right–the only direction he can now turn it–and the box is locked. When you return from work each evening, you insert your different key and turn it to the left–the only way you can now turn the key–and the box is unlocked.
Things are going great for a while and the thief is stymied; he even tried making a copy of the new key you left under the mat for the delivery driver but quickly discovered that it was only good for locking the box and was completely useless for unlocking it.
After several days you run into one last problem (hang in there–the example is almost complete): you ordered a shirt from Amazon and they sent you the correct size but the wrong color. You need to leave the package for the delivery driver once again, but you don’t have a way to lock it into your box, and he would not be able to unlock it even if you could, because his key only locks and your key only unlocks. In cryptographic terms, your keys symmetrically cancel each other.
What you need is a way to lock the box so that the driver’s key may unlock it if, and only if, you were the last person to lock it as would be the case if you were placing a return package in the box. Outside of that, everything still works the same: if the delivery driver places packages in the box and then locks it, his key–or any copies of it–will not be able to unlock it. Only your key can do that.
In our lockbox example, your key is analogous to a private key and the delivery driver’s key is a public key. You can hand out as many copies of the public key as you like. You might choose to give them to not only your delivery driver but also to friends who may also need to leave items in the box for you or for whom you need to leave an item that they will pick up later.
Your box is now a pretty good example of asymmetric cryptography, the technology behind public-key encryption. Granted, the example broke down a little in the end because it would allow for the thief to use his copy of the delivery driver’s key to unlock the box whenever you placed a return in it but in the digital world, you wouldn’t place anything in the box that you weren’t okay making accessible to anyone with a copy of the delivery driver’s key anyway, regardless of how they got it.
In the digital world you are protecting data, not lockboxes, so let’s get into that context. Suppose I want to send an important email about our planned product releases from headquarters to co-workers all around the world. Corporate espionage has been a problem lately so it is important that I encrypt the message and that only the intended recipients can decrypt it. On the other hand, it is also important for the recipients to have confidence that the email really came from me in the first place. So I am going to encrypt the message using my private key that only I possess and the recipients will decrypt it using the public key I issued them. All of their copies are identical. Reflect on the lockbox we built. The delivery driver can unlock the box if and only if you locked it in the first place. It’s the same in public-key encryption. The public keys you have issued can decrypt a message of yours if and only if it was encrypted using your private key in the first place. So, the act of successfully decrypting the email from you using the public key you issued is in itself proof that it was encrypted using the private key that only you possess thereby proving that the email did indeed come from you.
Put in other terms, my private key is run through a mathematical process against the email I am sending that scrambles the email such that only the public key can be used to mathematically descramble it. And that in essence is the magic behind public-key cryptography. Want to try it for yourself?
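To try the idea in code, here is an added example (not part of the original article) using toy textbook RSA in Python. It goes one step beyond the text by showing both directions: locking with the public key so that only the private key can open, and the private-key operation described above, which practitioners call signing and which proves origin rather than keeping the message secret. The primes, key names and sample messages are constructed for illustration.

```python
import hashlib

# Toy textbook RSA for illustration only: small well-known primes, no padding.
# Production systems use 2048-bit or larger keys with OAEP/PSS padding.
P, Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes (constructed key material)
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)
PUBLIC_KEY = (E, N)                    # the driver's key: copy it freely
PRIVATE_KEY = (D, N)                   # your key: only you hold it

def _to_int(data: bytes) -> int:
    value = int.from_bytes(data, "big")
    if value >= N:
        raise ValueError("message too long for this toy modulus")
    return value

def encrypt(message: bytes, key) -> int:
    """Lock the box. Anyone holding the public key can do this."""
    exponent, modulus = key
    return pow(_to_int(message), exponent, modulus)

def decrypt(ciphertext: int, key) -> bytes:
    """Unlock the box. Only the private key recovers the message."""
    exponent, modulus = key
    value = pow(ciphertext, exponent, modulus)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def _digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, private_key) -> int:
    """Owner-only operation: transform the message hash with the private key."""
    d, n = private_key
    return pow(_digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check the message came from the owner."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message)

if __name__ == "__main__":
    box = encrypt(b"size 10 shoes", PUBLIC_KEY)
    print(decrypt(box, PRIVATE_KEY))             # the owner opens the box
    print(decrypt(box, PUBLIC_KEY))              # a copied public key yields garbage
    sig = sign(b"Launch moves to Q3", PRIVATE_KEY)
    print(verify(b"Launch moves to Q3", sig, PUBLIC_KEY))   # genuine message
    print(verify(b"Launch moves to Q4", sig, PUBLIC_KEY))   # altered message
```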
That’s all there is to understanding public-key encryption! We hope that this article has given you a better understanding of how PKE works as it is a very important building block to other technologies we will discuss in future articles. We also hope that this article has sparked ideas about areas within your enterprise that could benefit from the implementation of PKE. If you do have ideas to discuss, we’d like to discuss them with you! Please call us at 833-POLYRIFIC or send us a message to learn more!