Definition: Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses key pairs. Each pair consists of a public key and a private key. A public key may be known to others, whereas the private key should not be known by anyone but the owner.
Explanation
A Public Key is a mathematical key that has public availability and that is used by applications to verify digital signatures created with its corresponding private key. Depending on the algorithm, public keys can encrypt messages or files that can only be decrypted by the corresponding private key, ensuring that only the intended recipient can decrypt the message. This is used as a digital form of signature.
Public keys need to be shared, and they also need to be stored securely. Therefore, they are stored on digital certificates for secure transport and sharing.
Private keys are not shared and can be stored in the software or operating system that is used, or on hardware such as a hardware security module (HSM) that provides higher levels of data security and trust.
Certificate Authorities (CAs) issue digital certificates that use public key cryptography. The public and private keys are generated by a trusted CA by both parties. The private key is typically held by the key pair's generator, while the public key is held by anyone who has a requirement to send data.
In the above illustration, the sender’s private key encrypts the data - this is the digital signature - and the receiver uses the public key to decrypt it and verify it matches the attachment.