Let’s say personA is trying to communicate with personB. Both of them have their own public-private key pair. Both of them know each other’s public keys.

If personA wants to send a message to personB, he encrypts the message with personB’s public key. PersonB can then use his private key to decrypt this message. This message can only be decrypted by personB’s private key (b/c it was encrpyted by personB’s public key). If personB doesn’t give his private key to anyone, he is the only one who can decrypt this message.

Messages encrypted with the public key can only be decrypted with the corresponding private key.

Let’s say personA still wants to send a message to personB, but he wants to sign the message, so that when personB gets it, personB knows it came from personA and not someone else.

PersonA would first encrypt the message with his own private key, and then encrypt that with personB’s public key. Now, when personB gets the message, he decrypts it with his private key (which removes the outter encryption), and then he uses personA’s public key to remove the inner encryption. This second step, using personA’s public key to remove the inner encryption will only work if the message came from personA (i.e. if it was signed with personA’s private key).

  • Messages encrypted with the public key can only be decrypted with the corresponding private key.
  • Messages encrypted with the private key can only be decrypted with the corresponding public key. This fact can be used to send secure signed messages, where the message’s source can be verified.