Cryptography, encryption, decryption, and public and private keys are concepts that have always been difficult for me to grasp. As the brilliant physicist Richard Feynman put it, if you can’t explain something in simple terms, you don’t understand it. Therefore, I will try to explain these concepts as if I were teaching them to a child. OK, maybe more like a teenager, but you get what I mean.
How it Works: The 1-Minute Explanation
Cryptography is just a big, scary word to describe a way for you to send (encrypt) and receive (decrypt) things privately. In this case, privately actually means secretly—but with pure intentions and no guilt.
Now, we’re talking about asymmetric cryptography, as opposed to symmetric cryptography. The difference is that symmetric cryptography requires everyone involved in the communication to have exchanged the same key beforehand, because that one key is used both to encrypt the data and to decrypt it.
To send things privately using asymmetric cryptography—also known as public-key cryptography—you need a pair of keys. The person who receives them has two keys of their own as well. The best way for me to think about it is this:
- A public key is like a bank account number.
- A private key is like an ATM PIN.
You can share your bank account with anyone, but you should never share your PIN.
You use your ATM PIN to securely send money to others if you have their bank account number. Afterward, they’ll use their PIN to validate access to their account number when they go to the ATM; they’ll know where the money came from because they’ll see your bank account number in the transaction. And the other way around.
Similarly, when you sign any kind of information with your private key and then encrypt it with the recipient’s public key, you’ll achieve three things:
- You ensure that only the intended recipient will be able to read it, by decrypting it with their private key.
- The recipient will have the guarantee that you sent the message.
- You’ll both know that the message has not been modified by anyone.
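The sign-then-encrypt flow from the list above, as an added example that is not part of the original article. It assumes textbook RSA without padding and constructed demo keys built from known Mersenne primes, so it shows the mechanics only; the function names and the Alice/Bob key pairs are hypothetical.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E
    return (n, E), (n, d)

# Constructed demo keys (Mersenne primes are public knowledge: NOT secure).
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)  # sender
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**607 - 1)      # recipient

def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign_then_encrypt(message, sender_priv, recipient_pub):
    """Sign with the sender's private key, encrypt to the recipient's public key."""
    n_s, d_s = sender_priv
    n_r, e_r = recipient_pub
    m = int.from_bytes(message, "big")
    signature = pow(digest(message), d_s, n_s)
    if m >= n_r or signature >= n_r:
        raise ValueError("value too large for the recipient's toy modulus")
    return pow(m, e_r, n_r), pow(signature, e_r, n_r)

def decrypt_then_verify(packet, recipient_priv, sender_pub):
    """Decrypt with the recipient's private key, check the sender's signature."""
    c_msg, c_sig = packet
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    m = pow(c_msg, d_r, n_r)
    signature = pow(c_sig, d_r, n_r)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # Authentic and unmodified only if the signature opens to the message hash.
    return message, pow(signature, e_s, n_s) == digest(message)

def tamper(packet, recipient_pub):
    """Simulate modification in transit: the plaintext becomes 2*m."""
    n_r, e_r = recipient_pub
    return packet[0] * pow(2, e_r, n_r) % n_r, packet[1]

if __name__ == "__main__":
    packet = sign_then_encrypt(b"meet at noon", ALICE_PRIV, BOB_PUB)
    print(decrypt_then_verify(packet, BOB_PRIV, ALICE_PUB))
    print(decrypt_then_verify(tamper(packet, BOB_PUB), BOB_PRIV, ALICE_PUB))
```

Real systems use padded schemes from a vetted library rather than raw modular exponentiation.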
What’s The Point of Cryptography?
As with all analogies, this one starts to fall apart if you push it too far. But using it can help you understand how cryptography (encryption + decryption) works with asymmetric keys.
WhatsApp and Messages (for iOS) are two apps that use this type of encryption. Web pages that start with “https://” instead of “http://” also use encryption, but of a slightly different kind.
Like PINs, encryption alone will not be enough to make you safe. For example, you’ll also need to trust the person or the company you are communicating with. Often you don’t need to do anything; you just need to make sure the apps and sites you use can provide strong encryption by default.
It looks complex, but as you can hopefully see by now, it’s simpler than it seems.
This is important because encryption is also like the air in the space between us in the real world. When you’re talking to someone, you know that only the people around you will be able to listen. We take that for granted, but it’s a fundamental and healthy part of our society that we need to apply to the digital world.
The Magical Encrypted Spy World
Plan B: If the child is falling asleep, just say that asymmetric cryptography creates magic mathematical anti-spy shielded boxes with secret keys to make their messages invisible.
Are you a grown-up developer that already knew about encryption but always wished security, scalability, and quality were much easier to achieve? Then you might want to give OutSystems a try.