Public Key (sometimes called asymmetric) Cryptography allows encrypted messages to be sent without the need to establish a shared secret key. It involves the use of two keys called a *key pair*: a *private* key and a *public* key. The private key is kept secret, and a public key is made publically available.

All entities using such a system would typically possess a key pair. They will use these keys either for encryption or decryption. In any case, if one of the keys is used for encryption, then only the other key can be used for decryption.

So, in Public Key Cryptography, to send a message in an encrypted form to a receiver, the sender:

Gets hold of the receiver's public key.

Encrypts the message with the receiver's public key.

Sends the encrypted message.

The receiver then decrypts the message using its private key. Only the receiver, who has access to the corresponding private key, can decrypt it.

That is the basic process used for a pure PKC system. In the real world, however, Public Key Cryptography is typically used in conjunction with traditional symmetric key cryptography. This is done in order to reduce key management problems while at same time taking advantage of the superior speed of the latter. The method for doing this is called a *digital
envelope*: a random symmetric private secret key is generated, the message is encrypted with this secret key using a symmetric algorithm, and then the secret key is encrypted with the receiver's public key using an asymmetric algorithm.

The other main use for Public Key Cryptography is in signing (digital signatures):

While Public Key Cryptography ensures that only the entity with access to the corresponding key will be able to read the message or could have signed a given message, it gives no assurance that this entity is/are actually the entity they claim to be. This is where certificates come in. Certificates are needed to solve the problem of authentication: