Public key cryptography, also known as public key encryption or asymmetric encryption, uses two separate keys for encryption and decryption — a public key and a paired private key. It differs from symmetric key cryptography, which uses the same secret key for both encryption and decryption functions.
In public key cryptography, the public key is widely available and used by others who want to encrypt a message being sent to you. The private key is a matching secret key held by the user and is the only key that can decrypt messages that are sent to it.
How Public Key Cryptography Works
Public key cryptography is often explained using the “lockbox analogy.” Imagine Alice has a three-position lockbox, which locks to the left and also locks to the right, and only in the center position is it unlocked. The lockbox has two keys, Left Key (which can only turn to the left) and Right Key (which can only turn to the right). So if the box is in the left-locked position, only the Right Key can open it. And if the box is in the right-locked position, only the Left Key can open it. Alice makes copies of the Left Key and sends one to Bob while keeping the Right Key secret. This means that Bob can use the public Left Key to send Alice things in a box which only she can open (i.e., they are locked to the left). Also, Alice can lock a box using her secret Right Key. If Bob or anyone else receives the box and it has been locked to the right, they know it came from Alice and can use their Left Key to unlock.
Public key cryptography forms the basis of public key infrastructure (PKI) systems, which in turn drives most of today's secure digital communications. Passwordless authentication standards set by the FIDO Alliance leverage public key cryptography.
"TLS uses both public key cryptography and symmetric key cryptography to protect data as it is transmitted. Public key cryptography is used for the TLS handshake, which establishes a secure session between client and server and sets up a shared symmetric encryption key. Symmetric key cryptography is then used to exchange data within the secured session."