Have you ever tried to explain public-key cryptography (a.k.a. asymmetric cryptography) or the concept of public and private keys and what they’re for to non-techies? It’s tough, and I’ve spent the last little while trying to come up with an analogy that’s layperson-friendly and memorable.
It turns out that it already exists, and Panayotis Vryonis, pictured to the right, came up with it. Go over to his blog and check out the article titled Public-key cryptography for non-geeks. Whenever I have to explain what private keys and public keys are for to someone who’s new to cryptography, I use Vryonis’ “box with special lock and special keys” analogy. Not only does the explanation work, but it’s so good that the people I’ve used it on have used it themselves to explain public-key crypto to others.
I’ve recently used Vryonis’ analogy in a couple of presentations and thought I’d share images from my slides. Enjoy!
The crypto everyone gets: Symmetric cryptography
Everyone “gets” symmetric cryptography. It’s an easy concept to get because it’s got a counterpart in real-world locks (as pictured above), which typically have two positions:
- Unlocked, which is analogous to unencrypted data
- Locked, analogous to encrypted data
With both real-world locks and symmetric encryption, there’s a single key that does both the locking (encryption) and unlocking (decryption).
The tougher-to-explain crypto: Asymmetric (a.k.a. public-key) cryptography
Public-key crypto is counterintuitive, so Vryonis came up with an analogy in which we’re asked to imagine a box equipped with a special lock with three positions:
- A: The “9:00” position, which is unlocked
- B: The “12:00” position, which is locked
- C: The “3:00” position, which is unlocked
The special lock can accommodate not one, but two different varieties of key.
First, there’s the private key, which can only turn the lock clockwise — from position A to position B, or position B to position C.
As the name implies, the owner of the lock keeps the private key and does not share it.
Then there’s the public key, which can only turn the lock counterclockwise — from position C to position B, or position B to position A.
As the name implies, the owner of the lock shares any number of copies of the public key with the world. It doesn’t matter whether it’s one copy with a friend, or a million copies left willy-nilly all over the place.
The public key is the counterintuitive thing about public-key crypto, since it goes against everything you’ve heard about physical security (don’t give out copies of your house keys or the combinations for your locks) and digital security (don’t share your bank card PIN or passwords, and don’t make them easy to guess). But it’s the public part of public-key crypto that makes it so useful, as you’ll soon see.
Of course, none of these things — the special lock, the private key, and the public key — exists as a physical entity. The special lock is an encryption/decryption algorithm implemented in software, and both the public and private keys are data that you feed into that software.
The public and private keys are are used together by the encryption/decryption algorithm to encrypt and decrypt data. A message that has been encrypted with a public key can only be decrypted by its matching private key. A public key and its corresponding private key are mathematically related to each other, so they must be generated as pairs. Even though they’re related, there’s a fair bit of clever mathematics that goes to ensuring that it’s exceedingly difficult to compute the private key from its corresponding public key.
Enough theory — let’s see public-key cryptography in action!
Using public-key cryptography to send secret messages
Suppose you want to send me a message that only I will be able to read. In our “box with special lock and special keys” analogy, you’d put it into the special box and lock it with a copy of my public key that I’d given you (or hey, a copy of my public key that you’d found lying around because I’d left them everywhere). Remember, in this analogy, the public key can only turn counterclockwise, so to lock the box, you’d turn the key from the rightmost position (unlocked) to the center position (locked). Once that’s done, you’d send the box to me.
The digital world equivalent would be to use public-key encryption software to encrypt the message that you want to send using my public key. The software would take the message and mathematically combine it with the public key, transforming it into an encrypted message, which you would then send to me.
When I receive your message, I will be unable to read it as-is. In our “box with special lock and special keys” analogy, I’d first have to unlock the box it came in by using my private key. Unlike the public key, which I copied and gave away like candy, only I have the private key. In the analogy, the private key can only turn clockwise, so to unlock the box, I’d turn the key from the center position (locked) to the rightmost position (unlocked).
The digital world equivalent would be to use public-key encryption software to decrypt the received encrypted message using my private key. The software would take the encrypted message and mathematically combine it with the private key, transforming it back into the original message, which I would then be able to read.
Using public-key cryptography to digitally sign messages
Public-key crypto is also useful for digital signatures. I should define what digital signatures are before talking about them any further.
Handwritten signatures — like the kind that you use to sign paper letters or contracts, or paper credit card receipts — are supposed to uniquely identify you, because they’re difficult to duplicate (in theory). The presence of my signature on a message that I send is proof that it indeed was written by me and not someone else (again, in theory).
Digital signatures are also used as proof that a message that I sent was written by me and not someone else. The difference is that it’s much, much, much harder to forge a digital signature.
Suppose I want to send you a message that you can be certain came from me. In our “box with special lock and special keys” analogy, I could do it by putting it into the special box and locking it with my private key. In the analogy, the private key can only turn clockwise, so to lock the box, I’d turn the key from the leftmost position (unlocked) to the center position (locked). Then I would send the box to you.
The digital world equivalent would be to use public-key encryption software to sign my message using my public key. The software would take the message and mathematically combine it with the private key, transforming it into a signature that would be included with the message, which I would then send to you.
When you receive my message, you’d want to verify it by checking the signature. In our “box with special lock and special keys” analogy, you’d use my public key to attempt to unlock the box. In the analogy, the public key can only turn counterlockwise, so to unlock the box, you’d turn the key from the center position (locked) to the leftmost position (unlocked). If the message really came from me, my public key would be able to unlock the box; if it didn’t, you wouldn’t be able to. You’d know that it came from me because only my public key would be able to unlock a box I had locked with my private key.
The digital world equivalent would be to use public-key encryption software to verify my message using my public key. The software would take the message and mathematically combine it with the public key, producing a result that would let you know if it had been signed with my private key or not.
A quick summary
Public-key crypto uses matching pairs of keys:
- The private key, which you keep to yourself, and
- The public key, which you share freely.
To send a secret message, you use the recipient’s keys:
- The sender uses the recipient’s public key to encrypt the message, and
- The recipient uses their private key to decrypt the message.
To sign a message, you use the sender’s keys:
- The sender uses their private key to sign the message, and
- The recipient uses the sender’s public key to verify the signature.
A public key caveat
Public-key encryption works only if you know for certain that you’re using the actual public key of the person that you’re communicating with.
Suppose you wanted to send secret messages to your friend Alice, and I wanted to intercept those messages. I could do that by generating my own private/public key pair and then give you the public key while saying it was Alice’s. You’d then encrypt the message using what you thought was Alice’s public key, but was actually mine. I could easily decrypt that message using my private key.
In order to avoid this problem, you should make sure that any public keys you use come from trusted sources — either the owner or a trustworthy third party, such as a certificate authority.
Here’s a quick list of layperson-friendly guides to public-key crypto:
- Once again, I point you to the source of the analogy, Panayotis Vryonis’ article, Public-key cryptography for non-geeks.
- Now that you’ve seen Vryonis’ analogy, the Wikipedia page on public-key-crypto (to which I used to send people to learn about it, and then they’d come back confused) might make more sense now.
- This Khan Academy video on public-key crypto uses color to explain how it works.
- Want to learn some of the math behind public-key crypto? Brilliant have a page on the topic with (relatively) simple math, as does Wikibooks, on their Cryptography/A Basic Public Key Example page.
- HowStuffWorks’ How Encryption Works is a pretty good intro to crypto in general.