TLS, SSL, SSH and PGP/GnuPG use *public key cryptography*. This uses two
complementary keys instead of one shared key:

- The *public key* of a user (or computer) is well-known and can decrypt messages encrypted using the private key.
- The *private key* of a user (or computer) is secret and can decrypt messages encrypted using the public key.

This allows:

- Using the public key of a user to encrypt a message so that only he can read it (*confidentiality*).
- Using the private key of a user to sign a message (*authenticity*).
- Using a trusted private key to sign the public key of a user (*certification*).
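
The three uses listed above, as an added example that is not part of the original page: textbook RSA in standard-library Python, where one modular exponentiation serves as both the public and the private operation. The keys are constructed from known Mersenne primes, the function names and the user "Alice" are assumptions for illustration, and the padding and larger keys that TLS, SSH and PGP use in practice are left out.

```python
# Textbook RSA (no padding), constructed keys: illustrates key roles only.
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public, private) keys, each as (modulus, exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, inverse of E
    return (n, E), (n, d)

def apply_key(key, value):
    """The one RSA operation both keys share: value^exponent mod n."""
    n, exp = key
    return pow(value, exp, n)

def digest(data, key):
    """SHA-256 of data as an integer reduced below the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % key[0]

def encrypt(public, plaintext):
    m = int.from_bytes(plaintext, "big")
    if m >= public[0]:
        raise ValueError("message too long for this modulus")
    return apply_key(public, m)

def decrypt(private, ciphertext):
    m = apply_key(private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(private, data):
    return apply_key(private, digest(data, private))

def verify(public, data, signature):
    # "Decrypting" the signature with the public key must give the digest.
    return apply_key(public, signature) == digest(data, public)

# Constructed keys: Alice is the user, CA is the trusted signer.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**61 - 1)

def demo():
    ct = encrypt(ALICE_PUB, b"meet at noon")                 # confidentiality
    confidential = decrypt(ALICE_PRIV, ct) == b"meet at noon"
    sig = sign(ALICE_PRIV, b"release 1.2 approved")          # authenticity
    authentic = verify(ALICE_PUB, b"release 1.2 approved", sig)
    tampered = verify(ALICE_PUB, b"release 9.9 approved", sig)
    cert = sign(CA_PRIV, repr(ALICE_PUB).encode())           # certification
    certified = verify(CA_PUB, repr(ALICE_PUB).encode(), cert)
    return confidential, authentic, tampered, certified
```

`demo()` returns one flag per use, plus a `False` for the message that was altered after signing.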