DEV Community

Lucca Sanwald
Lucca Sanwald

Posted on • Originally published at idkshite.com

Public and Private key cryptography

With the power of cryptography, you can turn perfectly readable content into incomprehensible garbage. Great for hiding your secret "guilty pleasure" playlist from prying eyes.
Encryption usually incorporates something you want to encrypt. Let's call it a message and a key that allows you to lock (or encrypt) and unlock (or decrypt) the message. The last ingredient is an encryption algorithm that uses your key to turn your message into something that doesn't resemble the original message anymore.

But the "one key opens one lock" system only works flawlessly if you don't need to share the key with anyone.
Because then, the question arises: How do you safely transfer the key to a trusted party? Send them an Email? A carrier pigeon? A letter? None of these options sounds terribly convenient or safe.

This is where public and private keys come into play.

TLDR;

Public and private keys can be used to hide the content of messages from strangers but expose them to trusted parties. They can also act as a way to verify the integrity of a message.

Encryption

Imagine instead of 1 key you know have 2 keys.

smeagol my private key
Your private key is your own little secret You never share it with anyone
spreading public key
Your public key on the other hand should be openly shared.

Those 2 keys are created from the same function and are inherently connected. You can encrypt messages with your private key and decrypt them with your public key.

But wait? If everyone has your public key, anyone can decrypt your messages. This doesn't sound secure at all. But stick with me.

One can also encrypt a message with your public key and decrypt it with the matching private key.
It starts to make more sense if we introduce a second pair of keys for your friend. An example will shed light on this.

You want to send your "guilty pleasure playlist" to your friend Mathilda, but you are concerned by the thought that someone could read the playlist's content while it's being transmitted. To protect the message, you encrypt it with your friends public key. Now the message can only be decrypted with her private key. So only she can read it. Profit!

Interactive node.js message encryption

Verify message integrity

There is only one problem with this example. If someone interferes with the transmission between you and Mathilda, they can create a new message with Mathilda's public key and pretend it is coming from you. What if they add your least favourite song to the playlist? Mathilda will never talk to you again if she finds out you listen to Wham!(I hope you your friends aren't that judgemental)

But fortunately, your keys can also help you with this challenge.
You remember you're the only person with your private key? We can use this to our advantage and encrypt your playlist with your private key. This won't prevent anyone from reading it. But Mathilda can now be sure the message is coming from you because she can decrypt it with your public key. If this is not possible anymore, the message has been tampered with.

Interactive node.js message verification


There is also a way to combine those two methods to protect the message from prying eyes and verify message integrity. But this a story for another post in the future.

Further Reads

Top comments (0)