With the power of cryptography, you can turn perfectly readable content into incomprehensible garbage. Great for hiding your secret "guilty pleasure" playlist from prying eyes.
Encryption usually incorporates something you want to encrypt. Let's call it a
message and a
key that allows you to lock (or
encrypt) and unlock (or
message. The last ingredient is an encryption algorithm that uses your
key to turn your
message into something that doesn't resemble the original
But the "one key opens one lock" system only works flawlessly if you don't need to share the key with anyone.
Because then, the question arises: How do you safely transfer the
key to a trusted party? Send them an Email? A carrier pigeon? A letter? None of these options sounds terribly convenient or safe.
This is where
private keys come into play.
private keys can be used to hide the content of messages from strangers but expose them to trusted parties. They can also act as a way to verify the integrity of a
Imagine instead of
1 key you know have
Your private key is your own little secret You never share it with anyone
Your public key on the other hand should be openly shared.
2 keys are created from the same function and are inherently connected.
You can encrypt messages with your
private key and decrypt them with your
But wait? If everyone has your
public key, anyone can decrypt your messages.
This doesn't sound secure at all. But stick with me.
One can also encrypt a
message with your
public key and decrypt it with the matching
It starts to make more sense if we introduce a second pair of keys for your friend. An example will shed light on this.
You want to send your "guilty pleasure playlist" to your friend Mathilda, but you are concerned by the thought that someone could read the playlist's content while it's being transmitted.
To protect the
message, you encrypt it with your friends
public key. Now the
message can only be decrypted with her
private key. So only she can read it. Profit!
Interactive node.js message encryption
Verify message integrity
There is only one problem with this example. If someone interferes with the transmission between you and Mathilda, they can create a new
message with Mathilda's
public key and pretend it is coming from you. What if they add your least favourite song to the playlist? Mathilda will never talk to you again if she finds out you listen to Wham!(I hope you your friends aren't that judgemental)
But fortunately, your keys can also help you with this challenge.
You remember you're the only person with your
private key? We can use this to our advantage and encrypt your playlist with your
private key. This won't prevent anyone from reading it. But Mathilda can now be sure the
message is coming from you because she can decrypt it with your
public key. If this is not possible anymore, the
message has been tampered with.
Interactive node.js message verification
There is also a way to combine those two methods to protect the
message from prying eyes and verify
message integrity. But this a story for another post in the future.
- Public Key Cryptography - Computerphile - https://www.youtube.com/watch?v=GSIDS_lvRv4
- Explaining public-key cryptography to non-geeks - https://medium.com/@vrypan/explaining-public-key-cryptography-to-non-geeks-f0994b3c2d5