Public key
What Is a Public Key?
A public key is a cryptographic value that is made freely available and used to perform one half of an asymmetric encryption or digital signature operation. It is always paired with a corresponding private key, which is kept secret by its owner. The two keys are mathematically related, but the relationship is constructed so that knowing the public key provides no practical means of deriving the private key. This asymmetry is the foundational property that allows secure communication between parties who have never shared a secret in advance.
The concept was introduced in 1976 by Whitfield Diffie and Martin Hellman, whose paper described the possibility of secure key exchange over an open channel. Before this work, all practical cryptographic systems required parties to share a secret key beforehand, a serious practical limitation. Public key methods removed that requirement by allowing one party to publish a key that others can use to encrypt messages or verify signatures, while only the private-key holder can decrypt or sign.
Key Pair Operations
The NIST Computer Security Resource Center glossary defines a public key as a mathematical key whose public availability allows others to verify signatures created with its corresponding private key, or to encrypt data that only the private key can decrypt. These two uses correspond to two fundamental operations in public key systems. In encryption mode, a sender encrypts a message with the recipient's public key, and only the recipient's private key can recover the plaintext. In signature mode, a signer generates a signature using the private key, and anyone holding the public key can verify that the signature is authentic and that the signed data has not been altered. Most deployed systems use both operations in combination: digital certificates bind a public key to an identity, and encrypted sessions protect the content once identity is established.
Public Key Infrastructure
Public keys gain their practical utility when embedded in a trust system. A public key infrastructure (PKI) consists of certificate authorities, registration authorities, and the policies and procedures that govern how keys are issued, validated, revoked, and replaced. Certificate authorities issue digital certificates, which are signed documents attesting that a particular public key belongs to a named entity. The X.509 standard, defined by the International Telecommunication Union and widely adopted across TLS, email signing, and code signing, specifies the format these certificates take. NIST Special Publication SP 800-57 provides guidance on key management across the full lifecycle of public key pairs, from generation through revocation.
Post-Quantum Considerations
Contemporary public key systems rely on mathematical problems that are computationally hard for classical computers to solve, most commonly integer factorization (used in RSA) and discrete logarithm problems in elliptic curve groups. Sufficiently large quantum computers could solve both problems efficiently using Shor's algorithm, which would render currently deployed public key systems insecure. In response, NIST ran a multi-year Post-Quantum Cryptography standardization process and published its first post-quantum key encapsulation and digital signature standards in 2024. These standards specify algorithms whose hardness assumptions do not depend on factoring or discrete logarithms, providing a migration path for systems that must remain secure against future quantum adversaries.
Applications
Public keys have applications in a wide range of security and communication domains, including:
- Transport Layer Security (TLS) for encrypted web, email, and application traffic
- Code signing to verify software authenticity and integrity
- Secure Shell (SSH) for authenticated remote system access
- S/MIME and PGP for encrypted and signed email
- Blockchain and digital currency systems for transaction authorization
- Electronic document signing in legal and financial workflows