Encryption & Secure Communication

Public Key Cryptography

About 5 min read

Last updated: 2026-02-05

What Is Public Key Cryptography

Public key cryptography is a cryptographic method that uses two different keys - a public key and a private key - for encryption and decryption. The concept was published by Diffie and Hellman in 1976 and was implemented as the RSA algorithm in 1977.

The public key can be shared with anyone, while the private key is kept only by its owner. Data encrypted with the public key can only be decrypted with the corresponding private key. This property eliminates the need to share a secret key in advance, solving the fundamental key distribution problem of symmetric encryption.

Two Uses of Public Key Cryptography

Public key cryptography has two main applications.

1. Encryption (Ensuring Confidentiality)

The sender encrypts data with the receiver's public key, and the receiver decrypts it with their private key. Since the public key is freely available, there is no need to share a secret key beforehand.

Practical example: Encrypted email (PGP) encrypts messages with the recipient's public key so that only the recipient can read them.

2. Digital Signatures (Ensuring Authenticity)

The signer creates a signature with their private key, and anyone can verify it with the corresponding public key. This proves that the data was created by the private key holder and has not been tampered with.

Practical example: Digital certificates use the CA's private key to sign a certificate, and browsers verify it with the CA's public key.

Major Algorithms

  • RSA: The most widely used algorithm historically. Its security is based on the difficulty of factoring the product of large prime numbers. A key length of 2048 bits or more is recommended. It has a long track record but is slower due to larger key sizes.
  • Elliptic Curve Cryptography (ECC): Its security is based on the elliptic curve discrete logarithm problem. Achieves the same security as RSA with much shorter keys (ECC 256-bit ≈ RSA 3072-bit), resulting in faster processing and lower bandwidth usage. Adopted in TLS 1.3 as the standard.
  • EdDSA (Ed25519): A signature algorithm based on twisted Edwards curves. Offers high speed and resistance to implementation errors. Widely used for SSH keys and cryptocurrency wallets.

With the potential future threat of quantum computers, research into post-quantum cryptography (PQC) is advancing. NIST selected lattice-based algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium) as standards in 2024, and migration planning is underway.

How Public Key Cryptography Is Used in TLS

Every time you access an HTTPS site in your browser, public key cryptography is at work. However, not all data is encrypted with public key cryptography.

  1. Key Exchange: During the TLS handshake, public key cryptography (e.g., ECDHE) is used to securely exchange a shared key.
  2. Symmetric Encryption: All subsequent data is encrypted with the shared key using a fast symmetric cipher (AES). Public key cryptography is too slow for bulk data encryption.

This hybrid approach combines the key distribution advantage of public key cryptography with the speed of symmetric encryption. TLS 1.3 mandates ECDHE for key exchange, ensuring forward secrecy.

Practical Considerations and Key Management

To operate public key cryptography securely, key length selection and key lifecycle management are just as important as algorithm choice.

Recommended Key Lengths: RSA requires a minimum of 2048 bits, with 3072 bits or more recommended for long-term use beyond 2030. For ECDSA, P-256 (secp256r1) is the standard choice, equivalent to RSA 3072-bit security but with far superior performance.

Key Lifecycle: Private keys should be rotated periodically. If a key is compromised, all data encrypted with it is at risk. Certificate validity periods (currently up to 398 days) enforce regular key updates.

Secure Storage: Private keys should be stored in HSMs (Hardware Security Modules) or secure key stores. Storing private keys in plaintext files is a critical security risk.

To learn more about this topic, see How HTTPS and TLS Work: The Encryption Behind Secure Communication.

Common Misconceptions

Sharing a public key is dangerous
A public key is literally meant to be shared publicly. Deriving the private key from the public key is computationally infeasible (with current technology), so distributing the public key widely does not compromise security. Only the private key needs to be protected.
Longer keys are always better
Longer keys increase security but decrease processing speed. RSA 2048-bit and ECC 256-bit offer equivalent security, but ECC is far faster. The balance between algorithm choice and key length is what matters.

Public Key vs. Symmetric Key Cryptography

Public Key Cryptography (Asymmetric)

Uses different keys for encryption and decryption. No prior key sharing needed. Slower processing. Used for key exchange and digital signatures. Examples: RSA, ECC.

Symmetric Key Cryptography

Uses the same key for encryption and decryption. Requires secure prior key sharing. Faster processing. Used for bulk data encryption. Example: AES.

Share

Related Terms

TLS/SSL Cryptographic protocols that encrypt internet communications to ensure confident… Digital Certificate An electronic document issued by a trusted Certificate Authority (CA) that binds… End-to-End Encryption (E2EE) An encryption method where data is encrypted on the sender's device and can only… Encrypted Email A technology that encrypts email body text and attachments so that only the send… Data Encryption The process of transforming readable plaintext data into unreadable ciphertext u… Encryption A technology that converts data into a format unreadable by third parties. There…

Related Articles

How HTTPS and TLS Work: The Encryption Behind Secure Communication Understand how HTTPS and TLS encrypt your communication, the role of certificates, TLS version diffe… What Are Passkeys? How Passwordless Authentication Works Understand how FIDO2-based passkey authentication works, how it differs from passwords, and how to s… How Digital Certificates Work - What the Browser Lock Icon Really Means Understand how digital certificates power the browser lock icon, from TLS handshakes and certificate…
← Glossary