Public-Private Key Pairs & How They Work

Oct. 14, 2020

1:00-2:00AM PST

Public and private keys serve as the foundation for public key cryptography and are heavily relied upon in end-to-end encryption. Also referred to as asymmetric cryptography, public key cryptography works because each public key exclusively matches a single private key. “Public key cryptography provides the basis for securely sending and receiving messages with anyone whose public key you can access.” When utilized together, public and private keys effectively encrypt and decrypt messages. In other words, if you encrypt a message by using another individual’s public key, they will be required to use their matching private key to decrypt that message successfully. Public and private keys help keep exchanged data secure when used in conjunction with one another. And someone cannot successfully decrypt a public key-encrypted message without its corresponding private key.

However, these public and private keys are not entirely keys, after all. Instead, they are massive prime numbers that are related to each other in a mathematical sense. As such, messages that a public key encrypts, the related private key alone can decrypt. Numerous vastly popular mathematical algorithms exist for generating public and private keys, including the widely respected RSA, DSS (Digital Signature Standard), and several elliptic curve techniques. And because an individual can’t guess the private key sheerly based on knowing the public key, users can share public keys deliberately and openly without concern.

What are Public Keys?

Enabling users to encrypt messages sent to other individuals on a given system, public keys allow users to confirm signatures signed by another person’s private key. Often described as being very similar to an organization’s address online, public keys are just that -- public. Any individual can look up your public key and share it among any number of users. And much like a mailing address or web address, someone can share a public key with each individual within a given system. Moreover, public keys serve to encrypt messages prior to being sent out to a specific recipient in public key cartography.

What are Private Keys?

Paired with the public key is a unique, distinct private key. A private key allows a user to decrypt a message that has been secured by their public key. Furthermore, individuals can sign their messages with their unique private key, confirming the sender’s identity for the recipient.


It can be beneficial to think of a private key as something that functions very similarly to the key to your business’s front door, and you possess the only copy. And so, one of the primary differences between public and private keys is that a private key empowers you alone to open that front door. In other words, your distinct private key, which you have exclusive access to, enables you to decrypt encrypted messages. As the intended recipient, you alone can decrypt the message.

Digital Signatures

In public key cryptography, a digital signature can be created using both public and private keys. A digital signature serves to guarantee that a user is who they claim to be, assuring the sender of the recipient’s identity. Most often, data is encrypted using a recipient’s public key. Then, the recipient decrypts that data by using their private key. Nevertheless, it is essential to note that there is no possible way to authenticate a message’s sender or source without utilizing digital signatures.

To put this into the form of an example: Since Person A’s public key is public, Person B can get ahold of it with ease and pretend to be Person A when sending a message to Person C. To circumvent this type of fraudulent behavior, Person A can use a digital signature to sign his message.

When using public and private keys, an individual can create a digital signature to sign emails sent with their private key. When the recipient receives the sender’s message, they can use the sender’s public key to authenticate the digital signature. Because a digital signature uses a sender’s private key, the sender is the only possible individual who can create the signature.

Advantages of Public-Private Key Encryption

Encrypting and decrypting messages using public and private keys affords recipients confidence in the legitimacy of the data they receive from senders. Taking it a step further, a recipient’s use of a public and private key attests to the authenticity, confidentiality, and integrity of the data they receive.

With public-private key encryption, each message transmitted by a sender to a recipient is signed with the sender’s private key, ensuring authenticity. Thus, when a sender signs a message with their private key, they guarantee the message’s authenticity, illustrating that they were indeed the message’s source. And in this way, the sender’s public key, which the recipient has access to, is the sole method of decrypting the sender’s message.

The content in a message secured with a public key may only be encrypted using the corresponding private key, ensuring confidentiality. In other words, public-private key encryption ensures that the intended recipient alone will ever be able to access the email’s contents.

An essential element of the decryption process mandates checking that the received message and sent message are a match, ensuring integrity. In effect, this guarantees that the contents of the message were not altered while in transit.


In Conclusion

Public-private key pairs provide a strong foundation for extremely robust encryption and data security during message transmission. Utilizing this pair of keys, public key encryption offers users seamless enhanced security. A sender encrypts their message using a public key, and the recipient decrypts that message using the sender’s private key.

With Trustifi, the easiest and most comprehensive email security solution on the market, users can rest assured that their messages will remain encrypted in transit. Easily deployed with Gmail, Outlook, or virtually any other email server, Trustifi’s NSA-grade end-to-end email encryption provides full inbound and outbound protection, keeping the contents of your messages safe and accessible solely to you and your intended recipient. And Trustifi allows users to recall, block, modify, and set expiration dates and times on previously sent and delivered emails. Contact Trustifi today to request a free quote!

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization