How Public Key vs Private Key Actually Work
Modern systems rely heavily on cryptography to secure communication, protect data, and verify identity.
Behind many of these mechanisms are two simple concepts:
Private Keys Public Keys
These two keys work together to create one of the most important mechanisms in modern computing: asymmetric cryptography.
But what do they actually do?
And how are they used in real systems?
Let's break it down.
The Core Idea
Traditional encryption uses one key.
Encrypt → Secret Key → DecryptBoth parties must share the same key.
This creates a problem:
How do you securely share the key in the first place?
Public-key cryptography solves this.
Instead of one key, it uses two keys.
Public Key
Private KeyThey are mathematically related but serve different roles.
The Two Keys
Public Key
The public key can be shared with anyone.
It is used to:
• encrypt data • verify signatures
Example:
You publish your public key on a server.
Anyone can use it.Private Key
The private key must never be shared.
It is used to:
• decrypt data • create signatures
Example:
Only the owner of the private key can decrypt messages
encrypted with the public key.Example: Secure Message
Imagine Alice wants to send a secret message to Bob.
Step 1
Bob generates two keys:
Public Key (shared)
Private Key (secret)Bob sends Alice his public key.
Step 2
Alice encrypts the message using Bob's public key.
EncryptedMessage = Encrypt(message, BobPublicKey)Step 3
Bob receives the message and decrypts it using his private key.
message = Decrypt(EncryptedMessage, BobPrivateKey)Only Bob can decrypt it.
Even Alice cannot decrypt it after encryption.
Digital Signatures
Public/private keys are also used for identity verification.
Instead of encrypting a message, the sender signs it.
Step 1
Alice signs the message using her private key.
signature = Sign(message, AlicePrivateKey)Step 2
Anyone can verify the signature using Alice's public key.
Verify(message, signature, AlicePublicKey)If verification succeeds:
The message really came from Alice
and was not modified.Real-World Examples
Public/private keys are everywhere in modern systems.
HTTPS / TLS
When you open:
https://example.comYour browser uses public-key cryptography to securely exchange keys with the server.
This protects: • passwords • cookies • credit card information
SSH
When connecting to a server:
ssh user@serverAuthentication often works using a key pair:
~/.ssh/id_rsa (private key)
~/.ssh/id_rsa.pub (public key)The server stores the public key.
The client proves identity using the private key.
JWT Signing
Many backend systems sign tokens using private keys.
Example:
RS256 JWTFlow:
Server signs token with Private Key
Clients verify token using Public KeyThis allows distributed systems to verify tokens without sharing secrets.
Git
Git commits can be signed using GPG keys.
Private key → sign commit
Public key → verify commitThis proves the commit came from the real author.
Why This Matters for System Architects
Public/private key cryptography enables:
• secure communication • distributed authentication • trust without shared secrets • secure microservice communication
It is the foundation behind:
TLS
OAuth
JWT
SSH
Blockchain
Secure APIsWithout asymmetric cryptography, modern internet infrastructure would not work.
A Simple Way to Remember
Think of it like a mailbox.
Public Key = Mail slot anyone can drop letters into
Private Key = The only key that opens the mailboxAnyone can send you a message. But only you can open it.
Final Thought
Public-key cryptography solved one of the biggest problems in distributed systems:
How do you establish trust between parties that have never met?
By separating encryption and decryption into two different keys, systems can communicate securely across the open internet.
It's one of the simplest ideas in cryptography and one of the most powerful.