public key

What is a public key?

In cryptography, a public key is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.

A public key is also used to encrypt a message or check the legitimacy of a digital signature. It is accompanied by a corresponding private key, which is known only to its owner. Private keys are used to decrypt messages that were created with the corresponding public key or to create signatures. In other words, a public key locks up data from unauthorized use, while a private key is used to unlock it.

Public keys are available from a certificate authority, which issues digital certificates that prove the owner's identity and contain the owner's public key. Public keys are created using an asymmetric algorithm, which pairs the public key with an associated private key. The most common algorithms used to generate public keys are Rivest-Shamir-Adleman, elliptic curve cryptography and Digital Signature Algorithm.

A public key can be given to any person with whom an individual wants to communicate, whereas a private key belongs to the individual it was created for and isn't shared. The public key is typically stored on a public key infrastructure server and is used to encrypt data securely before it is sent over the internet.

Core components of public key infrastructure
Find out about public key infrastructure's four core components.

How does a public key work?

A cryptographic key is a mathematical algorithm implemented in software or hardware and used to encrypt or decrypt data. It is a string of bits that are combined with the data to create ciphertext. The cryptographic key can also be used to unencrypt data back to plaintext.

The two main types of cryptographic algorithms are symmetric and asymmetric. Symmetric key algorithms work by using a single key to encrypt and decrypt information, whereas asymmetric cryptography uses two keys: a public key to encrypt messages and a private key to decode them.

Diagram of symmetric vs. asymmetric encryption
See how symmetric and asymmetric encryption compare.

The process for sending and receiving data via asymmetric cryptography typically consists of five steps:

  1. Key generation. Each individual generates a public and private key.
  2. Key exchange. The sender and recipient exchange public keys.
  3. Encryption. The sender's data is encrypted using the recipient's public key.
  4. Sending encrypted data. The encrypted data is sent to the recipient.
  5. Decryption. The recipient decrypts the message using their own private key.

Public key applications

Some applications of public key technology include the following.

A diagram of how asymmetric encryption works
Asymmetric encryption requires the use of both a public and a private key. See how it works.


This is the main use of a public key to encrypt messages prior to sending. With asymmetric encryption, both the public and private keys are generated randomly. Anyone can have access to a public key to encrypt data, but only an individual who has the matching private key can decrypt the data.

Since the public and private keys are mathematically connected, they are used together to encrypt and decrypt information. If anyone other than the owner of the private key tries to decrypt the information using the public key, the information will be unreadable.

Digital signatures

Public key encryption can also be used to create digital signatures. The digital signatures are generated via the following steps:

  1. The sender identifies the file to be digitally signed.
  2. The document application on the sender's computer calculates a unique hash value for the contents of that file.
  3. The sender's private key is used to encrypt the hash value, creating the digital signature.
  4. The original file and the digital signature are sent together to the recipient.
  5. The recipient uses the sender's public key to decrypt the digital signature's hash.
  6. The recipient's computer calculates the hash of the original file and compares it with the decrypted hash. If the two hashes match, the signature is verified. If the hashes don't match, that's evidence that the document has been altered or that the signature isn't valid.
diagram of how digital signatures work
With a digital signature, a private key is used to create a hash value of the contents of the file that's being signed and sent. The recipient uses the signer's public key to decrypt the signature and verify that the decrypted hash value matches the hash of the original file.

Secure Socket Layer and Transport Layer Security connections

SSL/TLS use public key encryption to create a secure connection between the server and client. This encryption method enables the use of Hypertext Transfer Protocol Secure. The communication session is first established using asymmetric encryption to establish the identities of both parties and to exchange a shared session key that enables a symmetric cipher. Symmetric encryption, using a shared key, is faster and more efficient than asymmetric encryption so it makes sense to use it for as much of the communication as possible.

Public key risks

While public key encryption is more secure than symmetric encryption, there are a few risks to consider, including the following:

  • Low-quality key. A poorly crafted asymmetric key algorithm -- one that's too short in length, for example -- is a security risk.
  • Lost private key. If the private key is lost or misplaced, access to the data becomes problematic.
  • Man-in-the-middle (MitM) attacks. Public key encryption can be a target for MitM attacks. The two main ways of trusting the identity of a website are the site's security certificate and its public key encryption. If either of these is compromised, a malicious party can insert itself into the connection between a user and a website and then capture any information sent between the two.

The origin of public key encryption

In 1976, Whitfield Diffie, Martin Hellman and Ralph Merkle published a paper titled "New Directions in Cryptography." In this paper, they introduced the idea of public key cryptography and described the first known functional distributed cryptographic protocol. Since then, the public key encryption algorithm has been used in finance, e-business and e-commerce to keep data secure by using two mathematically related keys.

Learn more about asymmetric and symmetric encryption, along with everything you need to know about data security in general in our latest guide.

This was last updated in June 2021

Continue Reading About public key

Dig Deeper on Disk and file encryption tools