Public Key Encryption- Examples and How It Works
What Public Key Encryption Actually Is
Public key encryption is a method of securing data using two mathematically linked keys: a public key anyone can see, and a private key only you control. Data encrypted with the public key can only be decrypted with the private key. This asymmetry is the foundation of modern internet security.
You encounter it every time you see "HTTPS" in your browser address bar, send an encrypted message, or authorize a cryptocurrency transaction. It's not magic—it's math built on trapdoor functions that are easy to compute in one direction but nearly impossible to reverse without the private key.
How the Encryption Process Works
The workflow is straightforward:
- Key Generation: Your system generates a mathematically linked key pair. The private key stays on your device. The public key gets distributed freely.
- Encryption: Someone uses your public key to encrypt a message or data. Only your corresponding private key can unlock it.
- Decryption: You receive the encrypted data and use your private key to restore the original message.
- Digital Signatures: You can also sign data with your private key. Anyone with your public key can verify the signature is legitimate.
The security relies on mathematical problems like integer factorization (RSA) or discrete logarithms (ECC) that consume massive computational resources to crack with current technology.
Real-World Examples of Public Key Encryption
Secure Web Browsing (SSL/TLS)
When you connect to a website over HTTPS, public key encryption handles the initial handshake. The server sends its public certificate, your browser encrypts a session key with that public key, and only the server's private key can decrypt it. From there, faster symmetric encryption takes over for the actual data transfer.
Digital Signatures
Software updates, contracts, and official documents use digital signatures. The sender hashes the document, encrypts that hash with their private key, and the recipient verifies it using the sender's public key. If the document was tampered with, the hashes won't match.
PGP Email Encryption
Services like ProtonMail and GPG (GNU Privacy Guard) use public key encryption for email. You publish your public key, people send you encrypted emails, and only your private key unlocks them. Nobody—not even the email service—can read your messages.
Cryptocurrency Transactions
Bitcoin and Ethereum rely on public key cryptography. Your wallet holds a private key that authorizes transactions. The public key (or wallet address derived from it) receives funds. Without the private key, nobody can spend your crypto—but everyone can verify the transaction is valid.
Common Encryption Algorithms Compared
Not all public key systems are equal. Here's how the major players stack up:
| Algorithm | Key Size | Security Level | Common Use Cases | Performance |
|---|---|---|---|---|
| RSA | 2048-4096 bits | High | SSL/TLS certificates, email encryption, digital signatures | Slow for large data; used for small payloads |
| ECC (Elliptic Curve) | 256-512 bits | High (comparable to RSA with smaller keys) | Mobile devices, cryptocurrency, IoT, HTTPS | Much faster than RSA with equivalent security |
| Diffie-Hellman | 2048+ bits | High | Key exchange protocols, forward secrecy | Moderate; excellent for establishing shared secrets |
| ElGamal | 2048+ bits | High | GNU Privacy Guard, some cryptographic systems | Slower; produces larger ciphertexts |
ECC has largely overtaken RSA in modern applications because it delivers equivalent security with significantly smaller key sizes, reducing computational overhead and latency.
The Relationship Between Public and Private Keys
People get confused here, so let's be clear: the public key is not derived from the private key (in most systems). Both keys are generated simultaneously from random data using cryptographic algorithms. The public key is safe to share everywhere. The private key must never leave your control.
If you lose your private key, you lose access to everything encrypted with its corresponding public key. There's no password reset. No customer support. No backdoor. This is a feature, not a bug—it's what makes the system trustworthy.
If someone steals your private key, they can impersonate you and decrypt anything meant for you. This is why key storage matters so much. Hardware security modules (HSMs), smart cards, and secure enclaves exist to protect private keys from theft.
Getting Started: Generating and Using Key Pairs
Here's how to actually use public key encryption in practice:
Option 1: GPG for Email and File Encryption
- Install GnuPG on your system
- Generate a key pair:
gpg --full-generate-key - Choose RSA with 4096 bits or ECC (Ed25519)
- Set an expiration date—seriously, do this
- Export your public key:
gpg --export --armor your@email.com > public.asc - Share the public key file; keep the private key backed up securely
Option 2: SSH Key Authentication
- Generate keys:
ssh-keygen -t ed25519 -C "your_email@example.com" - The system creates
~/.ssh/id_ed25519(private) and~/.ssh/id_ed25519.pub(public) - Add the public key content to
~/.ssh/authorized_keyson servers you want to access - Use SSH agent to cache your private key passphrase
Option 3: Cryptocurrency Wallets
- Download a reputable wallet (hardware wallets like Ledger or Trezor are best)
- The wallet generates your key pair automatically
- Your public address comes from the public key—share this to receive funds
- Never share your seed phrase or private key with anyone
Where Public Key Encryption Falls Short
Public key encryption is slow. Encrypting gigabytes of data with RSA or ECC is impractical. This is why hybrid systems exist: public key crypto handles key exchange and authentication, then symmetric encryption (AES) handles bulk data. Your HTTPS connection works this way.
Quantum computers threaten current implementations. Shor's algorithm can break RSA and ECC efficiently once quantum systems scale. Lattice-based and hash-based algorithms are being developed to replace current standards, but migration will take years. If you're protecting data that must remain secure for decades, this matters now.
Key management is harder than it looks. Rotating compromised keys, revoking access, handling key loss—these operational challenges cause more security failures than algorithm weaknesses.
Bottom Line
Public key encryption is the security backbone of the internet. It enables secure communication between parties who've never met, authenticates software and documents, and protects financial transactions. Understanding how public and private keys work together helps you make better security decisions and recognize when something's actually protected versus when it's just theater.
Use established tools. Don't roll your own crypto. Keep private keys secure and backed up. That's it.