Difference between private key and public key




But if you’re using two separate keys — one to encrypt data and the other to decrypt it — then you’re using asymmetric encryption (public key encryption). The keys are known as the public key (encryption key) and the private key (decryption key).


As we pointed out earlier, there are two separate keys involved in public key cryptography. Imagine a vault that has two separate keys. One can lock the vault, but the same key can’t open it. This means you’d need a different key to unlock the vault. In public key cryptography, it’s much the same way: there are two keys — one that can encrypt the data and the other that can decrypt it. These keys are separate yet mathematically related to each other. That’s because they’re generated using an asymmetric algorithm that binds the public key to the private one.

To learn more about the differences between them, be sure to check out this article on the differences between asymmetric vs symmetric encryption.

What Is a Public Key and How Does It Work?

Within public key infrastructure, the public key encrypts the data. It’s known as the public key because it can be openly distributed, and anyone can use it for encryption. As soon as the data is encrypted using a public key, you can neither interpret nor guess the original content of the data from the ciphertext nor use the same key (i.e., public key) to unlock it.

Your public key is generated using complex asymmetric encryption algorithms. The length of the public key depends upon the algorithm it is made with. In general, the key size varies from 128 bits to 4096 bits. The Certificate Authority/Browser Forum (CA/B Forum) provides guidance for the ideal minimum public key size. For example, based on the CA/B Forum’s current guidelines, all CAs shall confirm that:

- The RSA public key is at least 2048 bits, or
- That one of the following ECDSA curves is used: NIST P-256, NIST P-384, or NIST P-521.

An RSA public key looks like this:

Private key vs public key graphic: This screenshot of bacninhtrade.com.vn’s RSA 2048-bit public key is an example of what a public key looks like.

The mathematical algorithms used to create the public key (and private key) are:

- ElGamal
- Digital signature algorithm (DSA)

So, what is the difference between an RSA public key and one that’s ECC? The key sizes, for one. RSA keys are significantly larger than ECC keys, yet ECC keys are just as strong. Second, the keys are calculated in different ways. An RSA public key is the result of two massive prime numbers and a smaller number, whereas an ECC public key is an equation that calculates a specific point on an elliptic curve.

What Is a Private Key and How Does It Work?

This key can decrypt ciphered data (i.e., encrypted data). Each public key has a corresponding private key. All the pairs of public and private keys are unique. The private key must be kept secret with the owner (i.e., stored safely on the authorized device or non-public-facing server). For SSL/TLS certificates, you generate your private key as part of the key pair that gets created with your certificate signing request (CSR). This means that even the certificate’s issuing CA doesn’t get to see or have access to your public key.

Because your key is secret, you need to keep it safe and know where it is at all times. If your private key becomes lost, then you’ve got your work cut out for you and will need to re-issue your certificate.

As you can imagine, it’s almost impossible to guess a private key from its corresponding public key because it’s generated with strong entropy (randomness). As such, it would take even a modern supercomputer thousands of years to crack a private key via a brute force attack. Thus, no one can decrypt the data except the authorized device where the private key is stored.

A private key looks like this:

An RSA private key example in public key cryptography.

A Quick Overview of the Differences: Public Key vs Private Key

Looking for a quick visual to help you see the differences between a public key and private key? Then look no further:

Public Key | Private Key
Can be openly distributed | Must be kept a secret
Used for encryption | Can be used for decryption in asymmetric encryption, or encryption AND decryption in symmetric encryption
Authenticates digital signature signed with the corresponding private key (when used in certificate pinning) | Insert the digital signature (encrypting the hash)
Stored inside the digital certificates, outgoing emails, and executables | Stored in authorized devices and non-public-facing servers

Public Key vs Private Key: Their Roles in Data Privacy & Security

When you want to protect data while it’s in transit or at rest, public key cryptography comes in handy. One endpoint encrypts the data using the recipient’s public key and sends it. The recipient decrypts it by using the corresponding private key. If anyone else in the middle intercepts the data, they can’t unlock, read, or otherwise interpret it without the private key.

Hence, asymmetric encryption protects the plaintext data from being exposed due to:

- Man-in-the-middle attacks,
- Data leaks, and
- Data theft.

Just to quickly clarify — asymmetric encryption doesn’t stop these types of attacks and data leaks or theft from taking place. But what it does do is stop anyone from being able to read and access the unencrypted/plaintext data. Without the corresponding private key to decrypt the data, all the bad guys will see is gibberish.

A classic example of how to think of a public key and private key is to consider your email address and password. Your email address, in this case, represents a public key, which is available to the general public, and anyone who has access to it can send you an email. But only the password holder (i.e., you) can open and read the email the account contains. Here, the password serves as a type of private key.

All public key and private key pairs are unique. If you’re signing up for a new user ID on a website or application, the system notifies you if your selected user ID is already in use. You must have a unique pair of a user ID (which can be an email, phone number, ID card number, etc.) and password.

SSL/TLS Certificate

In the same way, the SSL/TLS certificate protects the data transfer between a browser and the website’s server using public key cryptography. The website owner installs an SSL certificate on their website and relies on the unique set of public and private keys for that certificate. There are millions of sites using SSL/TLS certificates. But none of them have the same key pairs.

When a website visitor tries to open a website, their web browser engages in a process with the website’s server that’s known as a TLS handshake. As part of this process, the browser (client) generates a random pre-master secret, encrypts it using the server’s public key, and sends it to the server. The server decrypts the pre-master secret using the corresponding private key and uses it to compute a symmetric session key.

All the data transferred between a user and a website for the rest of the session is encrypted using the session key — meaning that it’s transmitted via symmetric encryption. No intruder can access the session key without a private key. It’s this initial use of public key cryptography that makes it possible to exchange session keys to engage in symmetric encryption for the rest of the session. This process protects data transmissions between a website and its visitors.

Public key cryptography is also used in the following digital certificates to protect the data:

Public Key vs Private Key in Identity Verification

Another usage of a public key and the private key is identity verification and digital signatures.

In digital signatures, the sender inserts a digital signature using a private key. The recipient verifies the authenticity of the signature with the sender’s public key. No one can modify, copy, or delete the digital signature except the private key holder (i.e., the authorized sender). Digital signatures, with other measures, give assurance about the sender’s identity and the integrity of the data.
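A toy, standard-library Python sketch of the two uses described above (transporting a pre-master secret in the handshake, and signing), added here as an illustration and not taken from the original article. It uses textbook RSA with no padding and two small, well-known primes chosen for readability (all function names are hypothetical), so it shows the math that binds the key pair and must not be used to protect real data.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes and the common exponent 65537.
# Real RSA keys use random primes of 1024+ bits each and padding (OAEP / PSS).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key bound to it."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi(n)
    return (n, e), (n, d)


def rsa_apply(key, value):
    """Textbook RSA primitive: value^exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def derive_session_key(pre_master: int) -> bytes:
    """Hash the shared secret into a symmetric key (stand-in for the TLS KDF)."""
    return hashlib.sha256(pre_master.to_bytes(16, "big")).digest()


def key_exchange(public_key, private_key):
    """Client encrypts a random pre-master secret; server recovers it."""
    pre_master = secrets.randbelow(public_key[0] - 2) + 2
    wire = rsa_apply(public_key, pre_master)   # all an eavesdropper sees
    recovered = rsa_apply(private_key, wire)   # needs the private key
    return derive_session_key(pre_master), derive_session_key(recovered), wire


def digest_as_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the private key holder can produce this value."""
    return rsa_apply(private_key, digest_as_int(message, private_key[0]))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check the signature."""
    return rsa_apply(public_key, signature) == digest_as_int(message, public_key[0])
```

RSA key transport as sketched here was removed in TLS 1.3, which agrees on the session key with ephemeral Diffie-Hellman and uses the certificate's key pair only for signatures.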

Email Signing Certificates

When you install an S/MIME certificate on your email client, it generates a unique pair of public and private keys. It stores the private key on your server and sends the public key with all outgoing emails. You can digitally sign your emails using a private key stored on your device. The recipients receive the email along with the public key, which they use to verify the signature. It gives the recipients assurance about the email sender’s identity.

A digitally signed email looks like this:


Code Signing Certificates

These certificates are used by software publishers to sign executable software, scripts, drivers, and applications. After completing a piece of software, the developer digitally signs it using their private key. Whenever the users try to download the software, their devices receive the software’s public key to verify the signature.

At the time of downloading, a security window pops up. If the digital signature is valid, the dialogue box shows the publisher’s name in it. If there is no digital certificate, the publisher’s name will be shown as “unknown.” A code signing certificate gives assurance to the users that the software is coming from a verified publisher.

A side-by-side comparison of what it looks like to end users who download your software when you do or don’t use a code signing certificate.

As you can see in the screenshot above, the security dialogue box is showing “Microsoft Corporation” in the verified publisher’s field. It is Microsoft’s digital signature that no one can modify, change, replicate, or remove. A third-party certificate authority conducts a rigorous verification process before granting a code signing certificate to a publisher.

Public Key vs Private Key in Two-Way Authentication

The public key and private key are also useful for two-way authentication, or what’s known as client authentication. Organizations don’t want any outsiders to access their intranet websites, development and testing sites, and some resources made strictly for internal usage. In the same way, some sensitive internal emails shouldn’t be opened by outsiders. In this situation, the private key and public key help to develop two-way authentication.

Some certificates (like “two-way SSL/TLS certs,” or what are known as personal authentication certificates or client authentication certificates) can be installed on employees’ office devices to enable two-way authentication where the server can verify the client. (With traditional SSL/TLS certificates, for example, it’s typically one-way authentication in that the client authenticates the server, not vice versa.)

Example: Suppose Alice and Bob are working for an organization with installed email signing certificates on their email clients. When Alice sends an email to Bob, she uses Bob’s public key and her private key to encrypt and sign the email. When Bob receives the email, he decrypts it using his private key and Alice’s public key. No one else can open and read the email content because they don’t have the private key.

Personal Authentication Certificate: In the same way, personal authentication certificates (client certificates) are installed on the employees’ company devices (desktop, laptop, and even smartphones). Both the client and server have a set of a public key and private key. When employees try to open the website, the traditional TLS handshake process takes place first, where the server presents its SSL/TLS certificate, and the client authenticates it. After that, the client also provides its certificate for the server to authenticate.

Let’s understand this process a bit better with another example:

John is a remote software developer working for XYZ corporation. The company has developed an intranet website, intranet.xyz.com, which only employees can access. XYZ has provided a laptop to John for office work in which a client certificate is installed. Whenever John tries to open intranet.xyz.com, his browser checks the website’s SSL/TLS certificate as part of the TLS handshake process.

As part of the handshake, John’s device needs to present its certificate, which the website’s server authenticates. Only once this process is complete can John access the intranet site. In this way, John can’t access intranet.xyz.com from any device other than his office laptop.

Wrapping Up on Public Key vs Private Key

Encryption has two types: symmetric and asymmetric. In symmetric encryption, there is only one key needed for encryption and decryption. That key must be kept secret by all endpoints and users. Key distribution and key management are challenges, and the chances of key compromise increase when a large number of endpoints are involved.

Asymmetric encryption (public key cryptography), on the other hand, is more secure when using large keys with strong entropy. That’s because two keys are involved (i.e., the public key and private key). The major difference between them is that the public key encrypts data whereas the private key decrypts it. Also, you can distribute public keys freely to many endpoints without worrying about security compromise. But the private key is a precious treasure that must be protected at any cost.

We hope this article has helped you to understand public key vs private key and their usage in public key cryptography.