TLS, SSL, SSH and PGP/GnuPG use public key criptography. This uses two
complementary keys instead of one shared key:
- The public key of a user (or computer) is well-known and can decrypt
messages encrypted using the private key.
- The private key of a user (or computer) is secret and can decrypt messages
encrypted using the public key.
This allows:
- Using the public key of a user to encrypt a message so that only he can read
it (confidentiality).
- Using the private key of a user to sign a message (authenticity).
- Using a trusted private key to sign the public key of a user
(certification).