What is Public Key Encryption?

Public key encryption is a type of cipher architecture known as public key cryptography that utilizes two keys, or a key pair, to encrypt and decrypt data. One of the two keys is a public key, which anyone can use to encrypt a message for the owner of that key. The encrypted message is sent and the recipient uses his or her private key to decrypt it. This is the basis of public key encryption.

This type of encryption is considered very secure because it does not require a secret shared key between the sender and receiver. Other encryption technologies that use a single shared key to both encrypt and decrypt data rely on both parties deciding on a key ahead of time without other parties finding out what that key is. The fact that it must be shared between both parties does open the door to third parties intercepting the key though. This type of encryption technology is called symmetric encryption, while public key encryption is known as asymmetric encryption.

A "key" is simply a small bit of text code that triggers the associated algorithm to encode or decode text. In public key encryption, a key pair is generated using an encryption program and the pair is associated with a name or email address. The public key can then be made public by posting it to a key server, a computer that hosts a database of public keys. Alternately, the public key can be discriminately shared by emailing it to friends and associates. Those that possess the public key can use it to encrypt messages to the person or e-mail address it's associated with. Upon receiving the encrypted message, the person's private key will decrypt it.

Public key encryption is especially useful for keeping email private. Any stored messages on mail servers, which can persist for years, will be unreadable, and messages in transit will also be unreadable. This degree of privacy may sound excessive until one realizes the open nature of the Internet. Sending email unencrypted is akin to making it public for anyone to read now or at some future date.

The most widely known and respected public key encryption program is PGP (Pretty Good Privacy), which offers military-grade encryption. PGP has plug-ins for most major email clients so that the clients work in concert with PGP to encrypt outgoing messages and decrypt incoming messages automatically. PGP maintains a "key ring" or file of collected public keys. An email address can be associated with a key so that the email client will automatically pick out the proper public key from the PGP key ring to encrypt the message upon sending. It will also automatically use a private key to decrypt incoming mail. To use public key encryption for email, both the sender and receiver must have encryption software installed.

Programs like PGP also have digital signature capability built in. With this feature, messages sent can be digitally signed with the click of a button, so that the receiver knows the message was not tampered with en route and is authentic, or from the stated sender. Public key encryption can also be used for secure storage of data files. In this case, the public key is used to encrypt files while the private key decrypts them.