A highly simplified example of encrypting using SSL certificates.

Sara (the sender) wants to send an encrypted email to Rajiv (the recipient). First Rajiv sends Sara a copy of his SSL Certificate. In this highly simplified example, the public key in Rajiv's SSL Certificate is "+1." The private key, which stays in Rajiv's computer, is also "+1."

So Sara composes a message to Rajiv. It says, "Hi--Sara." Then she instructs her computer to use Rajiv's SSL certificate to encrypt the message. The computer reads Rajiv's public key and adds +1 to each letter in the message.

For example, A+1=B, B+1=C, and so forth.

The encrypted message looks like this:

HI - SARA becomes IJ - TBSB

Anyone who reads the message along the way cannot understand it, because they do not have Rajiv's SSL certificate.

When Rajiv receives the message, his computer subtracts one from each letter in the message. It is again perfectly readable.

In real life, the public and private keys must be different

The example above is simplified. It shows identical public and private keys. The problem with this example is that if Rajiv has identical keys, and if he sends Sara his SSL certificate, then she can decrypt messages he receives from other people. He cannot send her his public key if it is the same as his private key; otherwise she could decrypt all Rajiv's messages.

To protect Internet users, public keys are similar to, but not identical to, private keys. If Rajiv sends his public key to Sara in an SSL certificate, Sara's computer will have enough information to encrypt a message so that only Rajiv's private key can decrypt it.

Here is Rajiv's public key:

3048 0241 00C9 18FA CF8D EB2D EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F 922B F01B 2F40 C744 2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001

It hints at, but does not expose, the contents of Rajiv's private key. Rajiv can confidently send this key to Sara. He does not worry that she will be able to guess his private key. Although they are similar, because the keys are so long and complicated, it is computationally infeasible to calculate the private key from the public key.

Based on this public key, Sara's computer uses an algorithm to translate her message into an equally unintelligible string of characters, which only Rajiv will be able to decrypt, using his private key.
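
The difference between the two situations above can be run side by side. This is an added example, not code from the original page: part 1 is the page's "+1" cipher, and part 2 uses toy RSA as an assumed algorithm (the page does not name one) with small constructed numbers and hypothetical function names.

```python
# Added example, not from the original page. All numbers are tiny and
# constructed for illustration; real keys are far longer and use padding.

def shift(text, key):
    """The page's toy cipher: move each letter A-Z by `key` places."""
    return "".join(
        chr((ord(ch.upper()) - 65 + key) % 26 + 65)
        if ch.isascii() and ch.isalpha() else ch
        for ch in text
    )

# Part 1: public key == private key == +1, as in the simplified story.
PUBLIC_SHIFT = 1

def toy_encrypt(message):
    return shift(message, PUBLIC_SHIFT)

def toy_decrypt_with_public(ciphertext):
    # Anyone holding the certificate knows +1, so they just subtract it.
    return shift(ciphertext, -PUBLIC_SHIFT)

# Part 2: toy RSA (assumed algorithm), where the two keys differ.
P, Q = 61, 53                      # secret primes, known only to Rajiv
N = P * Q                          # 3233, published in the certificate
E = 17                             # public exponent, published too
D = pow(E, -1, (P - 1) * (Q - 1))  # 2753, private exponent (Python 3.8+)

def rsa_encrypt(message, e=E, n=N):
    """Sara's side: needs only the public values (e, n)."""
    return [pow(ord(ch), e, n) for ch in message]

def rsa_decrypt(blocks, exponent, n=N):
    """Raise each block to `exponent`; only D restores the message."""
    return "".join(chr(pow(c, exponent, n)) for c in blocks)

if __name__ == "__main__":
    msg = "HI - SARA"
    ct = toy_encrypt(msg)
    print(ct, "->", toy_decrypt_with_public(ct))     # public key decrypts
    blocks = rsa_encrypt(msg)
    print(rsa_decrypt(blocks, D))                     # private key: readable
    print(rsa_decrypt(blocks, E) == msg)              # public key: False
```

With a modulus as small as 3233 the private exponent can be recovered by factoring N by hand, which is why real keys are as long as the one shown above.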
