Public Key vs Private Key in RSA

Understand the difference between RSA public and private keys, their roles in encryption and signing, and why keeping your private key secure is critical.

Detailed Explanation

In RSA cryptography, a key pair consists of two mathematically linked keys that serve complementary purposes. Understanding the distinction between them is fundamental to using RSA correctly.

The Public Key

The public key is designed to be shared openly. It consists of the modulus n and the public exponent e. Its roles include:

  • Encrypting data — anyone can encrypt a message that only the private key holder can read
  • Verifying signatures — anyone can confirm that a message was signed by the corresponding private key

Public Key (PEM header):
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A...
-----END PUBLIC KEY-----

The Private Key

The private key must be kept secret at all times. It contains the modulus n, the private exponent d, and additional components for efficient computation (the CRT parameters p, q, dp, dq, qinv). Its roles include:

  • Decrypting data — only the private key can decrypt messages encrypted with the corresponding public key
  • Creating signatures — digitally signing data to prove authenticity

Private Key (PEM header):
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASC...
-----END PRIVATE KEY-----

Key Relationship

The mathematical relationship ensures that:

  • Data encrypted with the public key can only be decrypted with the matching private key
  • A signature created with the private key can only be verified with the matching public key
  • Deriving the private key from the public key is computationally infeasible
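As an added example (not from the page or any library), textbook RSA in Python shows how the private components listed earlier (d plus the CRT parameters p, q, dp, dq, qinv) are derived alongside the public (n, e), and why each operation needs the matching half of the pair. The primes are constructed and toy-sized, and no padding is applied, so it illustrates the arithmetic only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PublicKey:
    n: int  # modulus
    e: int  # public exponent

@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int     # private exponent: e * d == 1 (mod (p-1)(q-1))
    p: int     # the two primes whose product is n
    q: int
    dp: int    # d mod (p-1)
    dq: int    # d mod (q-1)
    qinv: int  # q^-1 mod p

def keypair_from_primes(p, q, e=65537):
    """Derive both halves of the pair from two primes.

    A real "BEGIN PUBLIC KEY" (SPKI) blob carries just (n, e); a real
    "BEGIN PRIVATE KEY" (PKCS#8) blob carries n, e, d, p, q, dp, dq, qinv.
    """
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # ValueError if gcd(e, phi) != 1
    return PublicKey(n, e), PrivateKey(n, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))

def public_op(pub, x):
    """Encrypt or verify: anyone holding (n, e) can compute x^e mod n."""
    return pow(x, pub.e, pub.n)

def private_op(priv, x):
    """Decrypt or sign: x^d mod n via the CRT parameters (Garner's method).
    This is why the private key stores p, q, dp, dq, qinv alongside d."""
    m1 = pow(x, priv.dp, priv.p)
    m2 = pow(x, priv.dq, priv.q)
    h = (priv.qinv * (m1 - m2)) % priv.p
    return m2 + h * priv.q

def encrypt(pub, m):   return public_op(pub, m)
def decrypt(priv, c):  return private_op(priv, c)
def sign(priv, m):     return private_op(priv, m)
def verify(pub, m, s): return public_op(pub, s) == m

# Constructed toy primes (the 10,000th and 100,000th primes): nowhere near a
# real key size, just enough to show the roles of each half of the pair.
PUB, PRIV = keypair_from_primes(104729, 1299709)
```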

Common Mistakes

  1. Committing private keys to Git — use .gitignore and secrets management
  2. Sharing private keys between services — each service should have its own key pair
  3. Using the same key pair for encryption and signing — use separate pairs for each purpose
  4. Not setting file permissions — private keys should be chmod 600 (owner read/write only)

Use Case

Every developer working with SSH, TLS/SSL, JWT tokens, or encrypted APIs must understand the public/private key distinction. Misconfiguring key usage — such as accidentally exposing a private key or using keys for the wrong purpose — can lead to critical security vulnerabilities.
