DEV Community

Taskill
Taskill

Posted on • Edited on

A killer explanation of Secret-Key and Public-Key Cryptography

When it comes to cryptography, there are two main ways in which two parties can send encrypted messages to each other. Neither is difficult to understand on a general level, but the asymmetric or "public key" method in particular often is not explained very intuitively, which leads to unnecessary confusion.

I would therefore like to provide you with an explanation that hopefully even a brain-dead teenager from a slasher movie would understand before his bloody murder. Let's get started!

Symmetric ('secret key'-)encryption

Let's say Sadako wants to send her buddy Jason some of her favourite cursed VHS-tapes. But now there's this creepy guy from neighbouring Elm Street, Freddy, who likes to poke his big nose into other people's business and read private mail. So what to do?

Sadako's first idea is to buy a lockable box, put her tapes in it and send the box to Jason. So far so good, now Freddy can't get to the contents of the box because he doesn't have the key - except that Jason doesn't have the key either and therefore can't open the box himself! What now? Sadako has to send Jason a key, too. But, oh dear, as usual Freddy rummages through the mail that doesn't belong to him, finds the key, makes himself a copy and can now open the box!

If both sides who want to communicate privately have the same key with which they can encrypt and decrypt a message, i.e. lock and unlock the box, then this is called symmetric or secret-key encryption. The system works wonderfully once both parties have the key. They can then keep it secret - hence it's called secret key - and have no reason to send it around publicly where it is in danger of being stolen.

The problem, however, arises at the start of the conversation, because normally only one side has the key in the beginning - Sadako has bought the box, so she's the only one who has the key. She now has to send her key to Jason at least once. And this is where an attacker like our curious Freddy can interfere and spy on the key, which he can then use to decrypt and read the communication himself in the future.

Asymmetric ('public key'-)encryption

After the first failed attempt to be able to send mail to each other undisturbed, Sadako and Jason think about what could be done. Finally Jason has an idea: he pays his old buddy Pinhead a visit, who is known for his penchant for special boxes, and has him design such a special box.
This box has an ingenious lock with two keys - one key can only lock the box, the other can only unlock it.

Jason sends this box and the key to lock it to Sadako, while keeping the key to unlock the box to himself. Sadako can now put her cursed tapes in the box, lock the box with the key she got from Jason and then send the box back to Jason, who can unlock it with his own key.
The trick to the story is: Although Freddy can steal and copy the key that Jason sends to Sadako, that doesn't help him at all, because he can only lock the box with this key, but not unlock it!
The key for locking the box - i.e. for encrypting the message - is therefore also called the public key: Because it doesn't matter that it is publicly known. Jason never gives the key to unlock the box, i.e. to decrypt the message, out of his hand - it is his private key.

An important prerequisite for this to work is that Freddy cannot recreate the private key based on the the public key and the lock (i.e. the encryption algorithm) itself. This is not so easily done, because both keys have to be related somehow - after all, they both have to fit into the same lock!
In reality, this means that the keys are mathematically related, but it must not be possible to calculate the private key from the public key without such a great deal of effort that it is practically impossible.
Furthermore, with one pair of keys, secure communication is only possible in one direction: so far, only Sadako can send secret messages to Jason, not the other way round. Only when Sadako has her own box with another pair of keys, she and Jason can really send messages back and forth undisturbed. This means that a total of four keys are required instead of just one, as with symmetric encryption!

The public key method is therefore more complex and slower than the secret key method. To get round this problem, both solutions can be combined: instead of encrypting the actual communication asymmetrically, only once at the start of the conversation an asymmetrically encrypted secret key is sent from one party to the other. As soon as both parties are in possession of the secret key, the communication can be encrypted symmetrically without any problems!

I hope this little explanation was helpful so far! There is more stuff you can do with asymmetric encryption, like creating digital signatures, but this is a topic for another killer story... ;-)

Top comments (0)