I give up – I want to call private keys “locks” because there’s only one and then public keys can be keys because it’s a different entity than a private key and can be duplicated. Isn’t that easier to understand?

So when you are signing, you put your lock on the message and anyone who has the key can unlock it. And they know that it’s ONLY from you because those keys only work on that one lock. [BTW – you are not literally locking the message. It’s more complex than that. The message is not actually safeguarded, but with digital signatures, you have a mechanism of letting the recipient compare the message they received with the message that they were supposed to receive, which is a little digest you created and locked up and sent along with the message. They are not unlocking the message, but this digest. Then they do the same thing to the message that they received that you did in creating the digest. The digests should match. All that we achieve here is determining if someone tampered with the message on the way. If so, you dont want to accept it.*]

When you are encrypting you only want one person to read the message. So you attach a key, that anyone could have, but it only unlocks ONE lock. That is the lock of the designated recipient. So only that person has the lock that they key fits into.

Well, although you can’t stretch the analogy too far, it still works for me.

*see??? I can explain it in my own words now!! BIG GRIN!

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!