Very Simple Puplic Key Encryption and Certificates

Possibly the most important idea used to secure your data and authentication is Public-Private Key encryption. I learned to do the maths of this in college and while I can do it on pen and paper I'll confess I don't fully understand the mathematics, it has something to do with prime numbers and prime pairs but you don't need to understand the maths, in fact you don't need to understand the maths to be able to design a system based on these concepts. All you need to understand is it's a form of encryption where one key encrypts the message and another key decrypts it.
Possibly the most important idea used to secure your data and authentication is Public-Private Key encryption. I learned to do the maths of this in college and while I can do it on pen and paper I'll confess I don't fully understand the mathematics, it has something to do with prime numbers and prime pairs but you don't need to understand the maths, in fact you don't need to understand the maths to be able to design a system based on these concepts. All you need to understand is it's a form of encryption where one key encrypts the message and another key decrypts it.

Encryption and the keys

Encryption is a way of rendering a message or some data unreadable and decryption is the process of rendering an encrypted message readable again. Older forms of encryption relied on obscurity about how it worked like the Cesar cipher, that involves counting up 13 letters to get your code. 'A' becomes 'K' for example. The nice thing with this code is you just count up another 13 letters to decrypt it again. The problem with codes like this is that once someone knows how it works they can always decrypt it. Modern mathematics based encryption use a secret key, a number used to encrypt or decrypt the message. If it's done right your enemies can know exactly how everything works but as long as they don't have this key they can't decrypt your message.
Public Private Key encryption uses two different keys, a public key and a private key. The public key is used for encryption, it's called the public key because they can give it out to the public, put it on your website, give it to your enemies and they can not decrypt your private messages with it, only encrypt. Your Private key is the one you keep private, away from prying eyes, this is the one that can decrypt your messages, as long as the private key is safe it doesn't matter who has the public key. Why is this important?

For email
Say you live somewhere with a lot of nasty people, a totalitarian dictatorship; even the ISP's in this example are crooked and your neighbors are computer criminals. Normally email is send unencrypted, anyone that has access to the route between you and the sender of the email can read its contents. What you need to keep it safe is encryption. The problem is how do you share an encryption key safely in such an environment, with normal symmetric encryption alone you can't. If you send the key they can read it and decrypt your messages.
So what you do is Public key encryption. You can safely email the public key, put it on a website, show it the whole world, it doesn't matter because it can only encrypt the message. Your friends or anyone else can encrypt messages and send them to you, and only you can decyrpt them.

For communication
In technologies like HTTPS used for securing websites and WPA used for securing WiFi; this kind of encryption is used in an early stage then used to exchange a key for symmetric encryption. You can read more about this in my WiFi series but the jist is


For Authentication / Certificates
This is where things get clever. Certificates are used when your computer downloads updates or when you connect to your banks website to make sure you are actually connecting to the provider. To confirm that they are who they claim to be. So how do they do it. If they just sent some piece of data what's to stop someone going to your banks site, saving the cert and using that cert from their site, there'd be no way to tell. Well what the people trying to secure this stuff can do is give out public keys to everyone, in fact you have a bunch built into your web browser when you get it.
Then when you connect to the service. Your browser can encrypt information like a random key generated by your computer with the public key and the server can decrypt it and use that key the fact that the service provider (Microsoft, your Bank, etc) can decrypt that and continue communication using that random number as the key proves they have the private key and so are who they claim to be.