Public Key, Private Key, and SSL (an intuitive explanation)

Source: Internet
Author: User


I. Public Key and Private Key

1. The public key and the private key are generated as a pair.
2. The key that is made public is called the public key; the key that only you know is called the private key.
3. Data encrypted with the public key can only be decrypted with the corresponding private key.
4. Data encrypted with the private key can only be decrypted with the corresponding public key.
5. If data can be decrypted with the public key, it must have been encrypted with the corresponding private key.
6. If data can be decrypted with the private key, it must have been encrypted with the corresponding public key.


Suppose I have two numbers, 1 and 2. I like the number 2 and keep it to myself. I tell everyone that 1 is my public key.

I have a file that others must not be able to read. I encrypt it with 1. If someone else gets hold of the file, he cannot decrypt it, because he does not know that 2 is the matching private key. Only I can decrypt it, using my private key 2. This is how I protect my own data.

My good friend X uses my public key 1 to encrypt the character a into B and puts it online. Someone else steals the file but cannot decrypt it, because he does not know that 2 is my private key. Only I can decrypt it, and when I do I get a back. This is how we transmit encrypted data.

So we now know that encrypting with the public key and decrypting with the private key solves the problem of secure transmission. But what if I encrypt a piece of data with my private key? (Of course only I can do that, because only I know that 2 is my private key.) Everyone can then read the content, because everyone knows that my public key is 1. What use is such encryption?

Well, my good friend X tells me that someone has been impersonating me and sending him mail. What can we do? I encrypt the letter C with my private key 2; the result is D. I send D to X and tell him to decrypt it and check whether he gets C. He decrypts it with my public key 1 and indeed gets C. He now reasons: data that my public key can decrypt must have been encrypted with my private key, and only I know my private key, so this letter really came from me. This is how we verify the sender's identity. The process is called a digital signature; in essence it is encrypting data with the private key, although the real procedure is a little more involved.

Okay. Let's review:
1. The public key and private key come as a pair.
2. Only I know the private key.
3. You can use my public key to encrypt messages to me.
4. If you can decrypt a letter with my public key, it must have been encrypted with my private key, so you can confirm that it was really sent by me.

1. Encrypt data with the public key and decrypt it with the private key.
2. Encrypt data with the private key (a digital signature) and verify the signature with the public key.

In practice the public key never appears on its own; it always comes wrapped in a digital certificate. This is to ensure the security and validity of the public key.



My friend X and I want to communicate securely, for example in a QQ chat, where messages are very frequent. I cannot simply encrypt the data with my public key, because:
1. My good friend X does not have a public/private key pair, so how could I send encrypted messages to him? (Note: in practice both parties may have key pairs.)
2. Public/private key encryption is computationally expensive and slow, which would ruin the responsiveness of the chat.

So my good friend X picks a number, 3, encrypts it with my public key 1, and sends it to me, saying: from now on we will use this number to encrypt our messages. I decrypt it and get 3. Now only the two of us know the secret number 3; nobody else does, because nobody else knows which number X picked, and the encrypted message cannot be opened. We call this secret number a session key.

Then we choose a symmetric-key algorithm, such as DES, to encrypt the content of our communication. (A symmetric algorithm is one in which encryption and decryption are symmetric: the same key both encrypts and decrypts. The public/private key algorithm is, by contrast, an asymmetric encryption algorithm.) Others cannot decrypt our messages because they do not know that 3 is our session key.

Good. Review:
1. SSL is used for secure communication.
2. The two parties use the public key of one (or both) of them to transmit and agree on a session key (this step is called the handshake).
3. The two parties then use the session key to encrypt the content of their communication.

That is the principle. You may think it is complicated, and in real use it is more complicated still. Fortunately, kind-hearted pioneers have implemented this layer in the operating system or in related software, under the unlovely name SSL (Secure Sockets Layer).
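The whole story above, as an added example that is not part of the original page: a toy RSA key pair built from the textbook primes 61 and 53 plays the roles of the numbers 1 and 2, a signature is checked by "decrypting" it with the public key, and the SSL-style handshake delivers a session key that a SHA-256 keystream (standing in for DES) then uses. The primes, the session-key range and the chat message are constructed for illustration; real systems sign a hash of the message under a padding scheme and use authenticated ciphers, so this is a model of the ideas, not something to deploy.

```python
from math import gcd
from hashlib import sha256
import secrets

def make_keypair(p=61, q=53, e=17):
    """Toy RSA: both keys come out of one computation, like the numbers 1 and 2.
    Primes this small are not secure; they are chosen so the numbers are readable."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)                 # private exponent, kept secret (Python 3.8+)
    return (e, n), (d, n)               # (public key, private key)

def rsa_apply(key, m):
    """One modular exponentiation: the key you hold decides whether it encrypts or decrypts."""
    k, n = key
    return pow(m, k, n)

def verify(pub, m, sig):
    """A signature is m 'encrypted' with the private key; anyone with the public key checks it."""
    return rsa_apply(pub, sig) == m

def keystream_xor(session_key, data):
    """Toy symmetric cipher standing in for DES: XOR with a SHA-256 keystream.
    The same call both encrypts and decrypts, which is what 'symmetric' means here."""
    out = bytearray()
    for i, b in enumerate(data):
        block = sha256(str(session_key).encode() + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)

def handshake(my_pub, my_priv):
    """X picks a secret number (the '3'), sends it under my public key, and I decrypt it."""
    _, n = my_pub
    x_key = secrets.randbelow(n - 2) + 2          # X's choice, must be smaller than n
    wire = rsa_apply(my_pub, x_key)               # what an eavesdropper sees
    my_key = rsa_apply(my_priv, wire)             # only my private key recovers it
    return x_key, my_key

if __name__ == "__main__":
    pub, priv = make_keypair()
    c = rsa_apply(pub, 65)              # X encrypts the character a (65) with my public key
    assert rsa_apply(priv, c) == 65     # only my private key gets a back
    sig = rsa_apply(priv, 67)           # I sign the letter C (67) with my private key
    assert verify(pub, 67, sig)         # X checks it with my public key
    x_key, my_key = handshake(pub, priv)
    assert x_key == my_key              # we now share a session key
    ct = keystream_xor(my_key, b"hello from QQ")
    assert keystream_xor(x_key, ct) == b"hello from QQ"
    print("encryption, signature and handshake all worked")
```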
