Asymmetric Encryption for Anyone
For those interested, I can explain symmetric and asymmetric encryption using simple examples.
Most people are familiar with symmetric encryption, the same way they understand a house key: you use the key to lock and unlock the door. Turn the key one way, and the door is locked; turn it the other way, and the door is unlocked. Pretty simple. You use the same key for both locking and unlocking.
Now, imagine a new kind of lock with three positions instead of two: locked, unlocked, and locked again, with the unlocked position in the middle and a locked position on either side of it.
What’s more, this lock has two keys, not one. The keys are special, too; each key can turn the lock in only one direction. So, if the door is unlocked, key #1 can lock the door by turning clockwise, but then only key #2 will turn the lock counter-clockwise to unlock it. Key #2 can lock the door, but then only key #1 can unlock it. This is the heart of asymmetric encryption: what one key locks, only the other can unlock.
Let’s take the allegory one step further. Put this lock on a small steel safe, and give away one of the keys to anyone who wants it. That is the public key. Conversely, the key you keep to yourself is the private key. Now, anyone can open the safe after you lock it. In fact, if the key you gave out will open the safe, then everyone can be certain that you are the one who locked it. This is the principle behind digital signatures; more broadly, it’s called non-repudiation. This is how PGP signatures work: a single sender, possibly with multiple recipients, all of whom can verify the sender’s identity via the sender’s public key.
If you flip the situation around, someone else can put something in the safe, and lock it with your public key. Then, only you can open it with your private key. This is how encrypted email works. Multiple possible senders, but only one recipient, who possesses the one key that will unlock whatever they lock.
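The two directions described in the signature paragraph and the encrypted-email paragraph above, as an added example that is not part of the original article: Go's standard-library RSA, where the private key "locks" a signature that any holder of the public key can check, and the public key "locks" a message that only the private key can open. The key pair, the names `alice` and `bob`, and the message text are constructed for the demo; the example also shows the failure cases the allegory implies (a tampered message does not verify, and the wrong private key cannot decrypt).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair makes one lock with its two keys: the PublicKey field is
// the key you give away, the rest of the struct is the one you keep.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Signature direction: the private key locks, the public key unlocks.
// Hashing first keeps the signed data a fixed size; RSA-PSS is the
// standard padding for RSA signatures.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verifySignature returns true only if the signature was made by the
// private half of pub over exactly this message.
func verifySignature(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Encryption direction: the public key locks, the private key unlocks.
// OAEP is the standard padding for RSA encryption; with a 2048-bit key
// and SHA-256 the plaintext must be at most 190 bytes, so real systems
// encrypt a random symmetric key this way and the bulk data with that key.
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWith fails with an error if ct was locked for a different key
// or was altered in transit.
func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	// Constructed demo: Alice owns the safe and hands out her public key.
	alice, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	msg := []byte("meet at noon") // constructed sample message

	// Alice signs; anyone with her public key can check who locked it.
	sig, err := signMessage(alice, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", verifySignature(&alice.PublicKey, msg, sig))
	fmt.Println("tampered message verifies:", verifySignature(&alice.PublicKey, []byte("meet at one"), sig))

	// Someone else locks a message for Alice; only her private key opens it.
	ct, err := encryptFor(&alice.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt, err := decryptWith(alice, ct)
	fmt.Printf("decrypted with Alice's private key: %q (err=%v)\n", pt, err)
}
```

Run it with `go run` on the single file; the two directions use the same key pair, which is why one published public key lets others both verify your signatures and send you mail only you can read.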
I hope this can help someone understand how public and private keys work.