Public-key crypto.
A padlock anyone can snap shut, but only you hold the key to open.
Old-style secret codes used one shared key: the same key locks and unlocks, so both sides must somehow agree on it first without anyone overhearing. That is a chicken-and-egg problem on the open internet.
Public-key crypto breaks the loop with a pair of keys that are mathematically linked. You hand one out to the whole world (the public key) and keep the other utterly secret (the private key).
- But how do we swap the key?1
Old codes used one shared key — and two strangers can’t agree on it without someone overhearing.
- Take a padlock. Keep the key.2
A key pair fixes that: a public key you hand to everyone, a private key you never let go of.
- Sealed it with your padlock.3
Anyone can snap your public padlock shut on a message — no password agreed first.
- And only I can open it.4
Only your private key opens it. The secret lands safely, the eavesdropper gets nothing.
- My signature — verify away.5
Run it backwards: lock with your private key and anyone can check it with the public one.
- Signed, and untampered.6
Since only you hold the private key, a passing check proves the message is really from you.
Two jobs from one pair
Run it one way and you get privacy: anyone can lock a message with your public key, but only your private key opens it, so a stranger can send you a secret without ever agreeing on a password first.
Run it the other way and you get proof of identity: something you lock with your private key can be checked by anyone with your public key. Since only you have the private key, that "digital signature" proves the message really came from you and was not altered.
Where you rely on it daily
This is the engine under HTTPS. The certificate that proves a website’s identity is a signature your browser checks with public keys it trusts, and the secret-agreement at the start of every secure connection uses the same family of maths. It also underpins signed software updates, SSH logins, and cryptocurrencies.