Public Keys and Private Keys – How They Work


Last Updated: Jan 17, 2017 @ 6:50 am

If you’re not in the information technology field, then there’s a good chance that the details of online security protocols seem like a foreign language. Secure Sockets Layer? Data encryption? Public and private keys? What does it all mean?

Fortunately, the big picture isn’t that difficult to understand. In general, the most common forms of online security rely on public and private keys. Under the current standards of web security, both are used to safely transmit sensitive data online, such as a credit card number.

The difference between public keys and private keys

Let’s strip away the fancy terminology and look at a real-world analogy. A public key is like the address of your mailbox. In theory, anyone can access it but they have to know where it is. A private key is like a padlock where only one person (the sender) knows the combination. Let’s say you want to make an online purchase. You put your credit card number in a box (a data packet), add a padlock to it (your private key), then stick it in your mailbox (your public key). The mailman comes to pick it up and bring it to its destination (the internet).

Now, keep in mind that there’s a padlock on the package. That way, even if some nefarious person took the package en route, they still wouldn’t be able to open it. A purely public transaction lacks that security, so if you knew where and when to be, you could intercept it.

But back to the example. The mailman brings the information to the store’s mailbox (the store’s public key). The store then adds its padlock onto the package (the store’s private key) and sends it back to you. Now you can unlock your padlock (private key) but there’s still the store’s private key on it — it’s still secure. When you send it back to the store, only they will know their private key, so they can securely open the padlock and remove your credit card information from the box without any fear of it being hijacked or seen by the wrong person.
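The padlock round trip described above, modelled literally as an added example (not code from the original page): each padlock is a secret exponent modulo a public prime, so the locks can come off in any order, a construction known as Shamir's three-pass protocol. The prime `P`, the function names and the test card number are assumptions made for the illustration; it is a toy model of the analogy, not a production cipher.

```python
import math
import secrets

# Public parameter both sides agree on: the Mersenne prime 2**127 - 1.
# Toy size chosen for readability (assumption of this example).
P = 2**127 - 1

def make_padlock():
    """Return (lock, unlock): a secret exponent and the exponent that undoes it."""
    while True:
        lock = secrets.randbelow(P - 3) + 2      # random value in 2 .. P-2
        if math.gcd(lock, P - 1) == 1:           # must be invertible mod P-1
            return lock, pow(lock, -1, P - 1)

def turn(box, exponent):
    """Put a padlock on, or take one off; the order of locks does not matter."""
    return pow(box, exponent, P)

def exchange(card_number):
    """Run the three trips of the box; return (values seen on the wire, recovered)."""
    if not 0 < card_number < P:
        raise ValueError("message must be between 1 and P-1")
    you_lock, you_unlock = make_padlock()
    store_lock, store_unlock = make_padlock()
    trip1 = turn(card_number, you_lock)      # you -> store: your padlock on
    trip2 = turn(trip1, store_lock)          # store -> you: both padlocks on
    trip3 = turn(trip2, you_unlock)          # you -> store: only the store's padlock left
    recovered = turn(trip3, store_unlock)    # the store opens the box
    return [trip1, trip2, trip3], recovered

if __name__ == "__main__":
    CARD = 4111111111111111                  # constructed test number, not a real card
    wire, recovered = exchange(CARD)
    for i, value in enumerate(wire, 1):
        print(f"trip {i} on the wire: {value:#x}")
    print("store recovered:", recovered)
```

Every value that crosses the wire carries at least one padlock, which is the property the analogy relies on.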

In the online world, all of this takes place between servers and web browsers. While there’s back-and-forth transmission, these bursts of data packets transmit electronically, so moving between your computer and the store’s computer takes fractions of a second. This protocol is known as asymmetric encryption, and it’s the standard through which most sensitive transactions take place.

There are two important things for you to know as a casual user. First, know that you can trust in the latest technology to keep your private details safe when transmitting sensitive data over the internet thanks to protocols such as this. Second, you can recognize when this is happening with a quick glance at your web browser. Two things will change when you’re using secure transmission: you’ll see a padlock icon somewhere on your browser (for example, on Google Chrome, it appears to the left of the URL) and the URL itself will change its prefix from http to https.

When you see those, you can feel secure that your data is being transmitted securely. The flip side to this is that if any site asks for critical information (credit card numbers, social security numbers, mother’s maiden name, or any other details that can be used to identify you through official channels), make sure that you see those two visible changes. If you don’t see them, refrain from hitting the Send button. While there’s a good chance that no one will do a “data drive-by” and steal your information, you don’t want to be the unlucky statistic in that situation.

