# PKI - Public and Private key pairs

**PKI**, or *public-key infrastructure*, is a mathematical way of securing communication between two ends.

The reliability of this method rests on some properties of **prime numbers**.

**Prime numbers** are just integers greater than 1 that no smaller number (other than 1) divides evenly, **e.g.:** 13 or 7 or 23.

It just so happens that nobody has yet created an **effective factorization (or factoring) algorithm** that, given a large number **a**, quickly outputs the list of numbers that divide **a**. For example, such an algorithm would, if given **24** as input, output the list of numbers that divide 24: **1, 2, 3, 4, 6, 8, 12, 24**. There are, of course, some algorithms to do this, but most of them **aren't very fast** and take waaay too much time (decades) to factorize a number with, for example, 200 digits.

So some computer scientists have noticed that this could be used to encrypt data being sent over a network.

That's where the concepts of **public key** and **private key** come into play.

Since large numbers are very hard to factorize, you could choose two very large (100 digits or more) **prime numbers** and multiply them together, yielding a (roughly) 200-digit number.

Generating large primes and performing multiplication, albeit with large numbers, is **relatively straightforward**.

Having the two (large) prime numbers and the (even larger) product of both, you could now create an **encrypting mechanism** whereby the product would be a **lock** and the two prime numbers a **key**.

As is the case with real-life locks and keys, your house isn't rendered less secure because your front door **lock** is exposed to everyone. Only by having a **key** can you enter your house.

That's **exactly** what happens when you use a **PKI** to secure communication between two parties. The difference is that the **lock** is called **public key** and the **key** you would use to open your home's door **private key**.

The **public key** (product of the two primes) can be used to verify that you have the correct primes that, when multiplied, yield that product. However, due to the practical difficulties mentioned earlier in factorizing a large number, the **public key** can't be used to derive the **private key**, rendering the method safe.
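
The lock-and-key idea above, worked through as textbook RSA in Python. This is an added example, not part of the original page: the page names no specific algorithm, so RSA, the exponent `e`, the function names and the small sample primes are assumptions chosen for illustration. It goes one step beyond the text by deriving a private exponent from the two primes, then shows that factoring a small product rebuilds the private key, which is why real primes are hundreds of digits long.

```python
# Added illustration: textbook RSA (no padding) with constructed, deliberately small primes.
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Return (public, private). Multiplying p and q is the cheap direction."""
    n = p * q
    phi = (p - 1) * (q - 1)      # only computable by someone who knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e, Python 3.8+
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def factor_by_trial_division(n):
    """Recover (p, q) from n. The loop runs up to sqrt(n) times, so every two
    extra digits in n cost roughly ten times more work."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("n has no non-trivial factor")

if __name__ == "__main__":
    p, q = 104729, 1299709       # constructed sample: the 10,000th and 100,000th primes
    public, private = make_keypair(p, q)
    c = encrypt(42, public)
    print("n =", public[0], "ciphertext =", c, "decrypted =", decrypt(c, private))
    # With a 12-digit n the "lock" gives away the "key" almost instantly.
    fp, fq = factor_by_trial_division(public[0])
    _, rebuilt = make_keypair(fp, fq)
    print("private key rebuilt from public n:", rebuilt == private)
```
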

**N.B.:** this is an oversimplified explanation of a PKI. Although qualitatively correct, there are many technical details that were left out.