What is a private key and what is a public key?
SSL (and its successor TLS) relies on a key pair: a private key and a public key.
A private key is generated by feeding a large amount of random data into a key-generation algorithm (such as RSA or ECC), which produces a key file with a unique value. This private key file is then used to generate a Certificate Signing Request (CSR), which in turn is submitted to a Certificate Authority to create an SSL certificate. The public key is derived from the private key during the CSR process and embedded in the CSR. The private key must remain secret at all times: it is used to sign data (the CSR itself, and the TLS handshake that proves the server owns the certificate) and to decrypt data that was encrypted with the corresponding public key.
The public key is generated during the CSR creation process and can be distributed publicly. A public key is used to encrypt information that is intended only for the owner of the private key; only the matching private key of that key pair can decrypt it. A public key can also be used to verify a signature, which proves that the message came from the holder of the private key.
The strength of a certificate's encryption is largely determined by the algorithm and key size used to generate the private key. Attackers are intent on breaking these algorithms: because the algorithm itself is public, an attacker who finds a weakness in it, or a key that is too short, can use the public key to find the corresponding private key. Until recently, the RSA algorithm was most commonly used, but ECC (Elliptic Curve Cryptography) is quickly growing in popularity. ECC can use a much smaller key without losing any strength compared to the much larger RSA keys: for instance, an ECC key of 228 bits is just as safe as an RSA key of 2380 bits. More and more Certificate Authorities are therefore moving away from RSA in favour of ECC.
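The whole life cycle described above (generate a private key, derive the public key, build a CSR signed with the private key, verify it with only the public key, sign and verify a message, and encrypt something that only the private key owner can read) can be walked through with the Go standard library. The following is an added example, not code from this FAQ or from any Certificate Authority; the common name `example.test`, the sample message and the RSA-2048 / P-256 key choices are constructed for illustration. It also shows why ECC keys are attractive: the encoded P-256 public key is a fraction of the size of the RSA-2048 one.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// KeyPairResult records, for one key pair, the encoded public key size and whether both signatures verified.
type KeyPairResult struct {
	Algorithm    string
	PublicDERLen int  // SubjectPublicKeyInfo DER size of the public key
	CSRValid     bool // CSR signature verifies with the public key it carries
	SigValid     bool // signature over a constructed message verifies
}

// BuildCSR creates a Certificate Signing Request: it embeds the public key and
// is signed with the private key, which is what a CA checks before issuing.
func BuildCSR(priv crypto.Signer, commonName string) (*x509.CertificateRequest, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

// Inspect encodes the public key, builds and checks a CSR, then signs a constructed message and verifies it with the CSR's public key only.
func Inspect(priv crypto.Signer, algorithm string) (KeyPairResult, error) {
	out := KeyPairResult{Algorithm: algorithm}
	pubDER, err := x509.MarshalPKIXPublicKey(priv.Public())
	if err != nil {
		return out, err
	}
	out.PublicDERLen = len(pubDER)
	csr, err := BuildCSR(priv, "example.test") // constructed placeholder name
	if err != nil {
		return out, err
	}
	out.CSRValid = csr.CheckSignature() == nil
	digest := sha256.Sum256([]byte("constructed sample message"))
	sig, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return out, err
	}
	switch pub := csr.PublicKey.(type) {
	case *rsa.PublicKey:
		out.SigValid = rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
	case *ecdsa.PublicKey:
		out.SigValid = ecdsa.VerifyASN1(pub, digest[:], sig)
	}
	return out, nil
}

// CompareRSAAndECC runs Inspect for an RSA-2048 key and a P-256 (ECC) key.
func CompareRSAAndECC() (r, e KeyPairResult, err error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	if r, err = Inspect(rsaKey, "RSA-2048"); err != nil {
		return
	}
	e, err = Inspect(ecKey, "ECDSA P-256")
	return
}

// EncryptForPrivateKeyOwner shows the other use of the pair: the public key
// encrypts (RSA-OAEP) and only the matching private key can decrypt.
func EncryptForPrivateKeyOwner(msg []byte) (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, nil)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(pt), err
}

func main() {
	r, e, _ := CompareRSAAndECC()
	pt, _ := EncryptForPrivateKeyOwner([]byte("for the key owner only"))
	fmt.Println(r, e, "decrypted:", pt)
}
```

Note that every verification step (`csr.CheckSignature`, `rsa.VerifyPKCS1v15`, `ecdsa.VerifyASN1`) is given only the public key parsed back out of the CSR: that is exactly the position a CA or a TLS client is in, and it is why the private key never has to leave the machine that generated it.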