Continuing my explanation of how encrypted communications work, here’s how public/private key cryptography works: First Alice creates a special file called a “private key” using a public/private key algorithm (like this one) and then uses that file to generate a “public key”.

She gives the public key away to anyone she can and keeps the private key private (sort of like a password except that it’s too big to memorize and is therefore stored in a file). She can use the private key to encrypt a message in such a way that only the public key can decrypt it.

This is pretty useless for encryption since anyone who has the PUBLIC key can decrypt it; however it does solve our problem of detecting someone modifying our message.

Mallory can’t replace our message because if she does she will have to encrypt it with Alice’s private key (which she does not have), and Bob will know it wasn’t encrypted with Alice’s private key because it does not decrypt correctly. She also can’t modify Alice’s messages because that would logically mean making an entirely new message. This is called a “digital signature”.

Now Alice and Bob can exchange keys without Mallory being able to eavesdrop on them so long as Alice encrypts the number that she sends with her private key. Bob does not need to have a private key as he can actually encrypt the number he sends using Alice’s public key in such a way that only Alice’s private key can be used to decrypt it.

They can now communicate with each other safe from both Mallory and Eve; however this method requires “prior secrets”. In other words this method requires that Bob already have Alice’s public key. Alice can’t simply transmit her public key to Bob over the Internet because then Mallory could just replace it with her own. She also can’t sign her public key with her private key (creating a “self-signed certificate”) because Bob doesn’t have Alice’s public key to verify it with.

This is where “trusted third parties” come from.