4.2.3. Public Key Encryption and Infrastructure

General Description 1/4

Public Key Encryption scheme

A Public Key Encryption (PKE) scheme is a cryptographic construct that makes it possible, among other things, to create the certificates mentioned above. PKE is further combined with a set of procedures, agencies, software and hardware to constitute a Public Key Infrastructure (PKI).

Public Key Encryption Concepts 2/4

These are fundamental concepts for PKE:

  • pair of keys - a pair of cryptographic keys attributed uniquely to one entity (server, client, etc.). One of them, \(sk\), is secret: it remains in the sole possession of the owner and must not be revealed to other parties. The other, \(pk\), can be and is made publicly available; by its nature it is impossible to derive \(sk\) knowing \(pk\). In reality the keys are large, specifically chosen numbers, and by using them in calculations one can perform cryptographic operations.
  • encryption - one of the basic cryptographic operations; it transforms a plaintext message \(M\) into a ciphertext \(C\) using a key \(k\): \[ C = Enc_{k}(M). \] By design, without knowledge of the decryption key it is impossible to recover \(M\) from \(C\).
  • decryption - the inverse of encryption: given a ciphertext \(C\) of a message \(M\) and the key \(k\), one can compute \(M\): \[ M = Dec_{k}(C). \]

Note

PKE is an asymmetric key encryption scheme, meaning that different keys (from the public-secret pair) are used for encryption and for decryption.

PKE operations 3/4

Using fundamental concepts of PKE one can perform the following operations.

Encryption

Suppose a user (typically called Alice) wants to communicate with another (Bob) by sending an encrypted message. Let \(M\) be the plaintext message and \(pk_B\) be Bob's public key (which, as such, is known to Alice). Alice can then encrypt \(M\) like so: \[ C = Enc_{pk_B}(M), \] and send \(C\) to Bob. Recall that by design it is not possible to learn \(M\) from \(C\) without knowing Bob's decryption key, which is his secret key \(sk_B\). Bob computes: \[ M = Dec_{sk_B}(C), \] thus retrieving the message.

Signing

Conversely, suppose that Alice wants to send a message \(M\) to Bob, but now the requirement is that Bob must be sure that what he receives is a message from Alice. She computes, using her secret key: \[ \sigma = Enc_{sk_A}(M), \] and sends \(\sigma\) to Bob. On receipt, Bob uses Alice's public key and computes: \[ M = Dec_{pk_A}(\sigma). \] Since the pair \(pk_A\), \(sk_A\) is constructed so that applying \(pk_A\) to \(\sigma\) yields \(M\) only when \(\sigma\) was produced with \(sk_A\), Bob can be sure that \(\sigma\) was created using \(sk_A\), which must be in Alice's sole possession.


There are different implementations of encryption and signing schemes, some of which will be discussed later. For now, let \(\sigma = Sign(sk, M)\) and \(Verify(pk, \sigma, M)\) denote the signing and signature-verification algorithms under a PKE key pair \((pk, sk)\), public and secret respectively.
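The two operations above, written out as an added example in Go (not code from the course notes): \(Enc\)/\(Dec\) are instantiated with RSA-OAEP and \(Sign\)/\(Verify\) with Ed25519, a dedicated signature scheme rather than the notes' simplified "encrypt under \(sk\)" formulation. The function names, the message "meet at noon" and the key sizes are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Encrypt implements C = Enc_{pk}(M), here with RSA-OAEP over SHA-256.
func Encrypt(pk *rsa.PublicKey, m []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, m, nil)
}

// Decrypt implements M = Dec_{sk}(C); it fails unless sk is paired with the pk used to encrypt.
func Decrypt(sk *rsa.PrivateKey, c []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, sk, c, nil)
}

// Sign implements sigma = Sign(sk, M) with Ed25519.
func Sign(sk ed25519.PrivateKey, m []byte) []byte {
	return ed25519.Sign(sk, m)
}

// Verify implements Verify(pk, sigma, M): true only if sigma was made with the sk paired to pk.
func Verify(pk ed25519.PublicKey, sigma, m []byte) bool {
	return ed25519.Verify(pk, m, sigma)
}

// Result records what Bob observes in the exchange below.
type Result struct {
	Decrypted  string // M as recovered by Bob
	SigOK      bool   // Bob's verification of Alice's signature on M
	TamperedOK bool   // the same sigma checked against a modified M (must be false)
	WrongKeyOK bool   // the same sigma checked under an unrelated public key (must be false)
}

// Exchange runs both operations from the notes on a constructed message.
func Exchange() (Result, error) {
	var r Result
	m := []byte("meet at noon") // constructed plaintext M

	// Encryption: Bob owns (pk_B, sk_B); Alice encrypts under pk_B, Bob decrypts under sk_B.
	skB, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	c, err := Encrypt(&skB.PublicKey, m)
	if err != nil {
		return r, err
	}
	pt, err := Decrypt(skB, c)
	if err != nil {
		return r, err
	}
	r.Decrypted = string(pt)

	// Signing: Alice owns (pk_A, sk_A); she signs M and Bob verifies under pk_A.
	pkA, skA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	sigma := Sign(skA, m)
	r.SigOK = Verify(pkA, sigma, m)
	r.TamperedOK = Verify(pkA, sigma, []byte("meet at one"))

	// A second, unrelated key pair: sigma must not verify under any pk other than pk_A.
	pkOther, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	r.WrongKeyOK = Verify(pkOther, sigma, m)
	return r, nil
}

func main() {
	r, err := Exchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running it shows the decrypted text equal to the original, the genuine signature accepted, and both the tampered message and the wrong public key rejected, which is exactly the property the notes rely on when they say only \(pk_A\) applied to \(\sigma\) yields \(M\).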

Certificate issuing and use

Define a certificate \(CE\) to be a tuple \((id, P, \sigma_{CA})\), where \(id\) is an identifier of the certificate owner, \(P\) is some set of properties of the owner, among which is the owner's public key, and \(\sigma_{CA}\) is the signature of a Certificate Authority (CA) under \(id, P\). The CA is a publicly trusted centre: a recognised organization responsible for issuing certificates (or an organization that has obtained the right to issue certificates from some other CA). The public keys of all CAs are widely known and published so that every Internet user has access to them.

Suppose Alice has the following certificate: \(CE = (Alice, pk_A, \sigma_{CA})\). When Bob wants to make sure that only Alice will be able to understand their communication, he proceeds as follows:

  1. Request Alice's certificate \(CE\).
  2. With the CA's public key \(pk_{CA}\) run \(Verify(pk_{CA}, \sigma_{CA}, pk_A)\) and confirm that verification succeeds. Since the CA signed the certificate \(CE\), it must have checked whether \(pk_A\) in fact belongs to Alice; consequently, if \(\sigma_{CA}\) is valid, then \(pk_A\) must be Alice's.
  3. Use \(pk_A\) as the encryption key for communication with Alice. As shown above, only Alice can decrypt a message encrypted with her public key.

Observation

Observe that even if Charles took Alice's place, then in step 1 above Charles could send only Alice's \(CE\) (he might have overheard it some time ago), and Bob would verify it as valid. However, using \(pk_A\) (obtained from the certificate) in step 3 for communication with Charles would still keep the communication secure: Charles does not know Alice's secret key and thus cannot decrypt Bob's message.
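The certificate issue, Bob's three steps and the observation about Charles, played out as an added example in Go using the standard library's X.509 support (this is not code from the course notes). The CA is given an Ed25519 key and Alice an RSA key so that \(pk_A\) can serve as an encryption key; the names "Example CA", "Alice", the helper names and the message text are assumptions. The example goes one step beyond the notes: Charles also tries a forged \(CE\) that names Alice but carries his own key and a signature from a CA he made up, and Bob's copy of \(pk_{CA}\) rejects it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must aborts the example on an unexpected key-generation or issuance error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueCert produces CE = (id, P, sigma_CA): the subject name id, a property set P carrying
// the subject's public key and validity window, and the issuer's signature over both.
// With parent == nil the certificate is self-signed, i.e. the CA's own root certificate.
func issueCert(id string, pub any, isCA bool, parent *x509.Certificate, skCA ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject:               pkix.Name{CommonName: id},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageKeyEncipherment, // leaf keys are used to encrypt to the owner
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, skCA)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyCE is step 2: check sigma_CA against the trusted pk_CA held in roots.
func verifyCE(ce *x509.Certificate, roots *x509.CertPool) bool {
	_, err := ce.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// Outcome records what Bob learns in each step of the scenario.
type Outcome struct {
	GenuineValid bool   // Alice's CE, issued by the trusted CA, passes step 2
	ForgedValid  bool   // a CE naming "Alice" but signed by Charles' own CA (must be false)
	AliceReads   string // plaintext Alice recovers in step 3
	CharlesReads bool   // whether Charles, who replayed Alice's CE, can decrypt (must be false)
}

// Scenario plays out certificate issue, Bob's three steps, and the Observation.
func Scenario() Outcome {
	var o Outcome
	// The trusted CA: key pair (pk_CA, sk_CA) and a self-signed root that Bob already holds.
	pkCA, skCA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	root := must(issueCert("Example CA", pkCA, true, nil, skCA))
	roots := x509.NewCertPool()
	roots.AddCert(root)
	// Alice's key pair; the CA (having checked her identity) issues CE = (Alice, pk_A, sigma_CA).
	skA := must(rsa.GenerateKey(rand.Reader, 2048))
	ceA := must(issueCert("Alice", &skA.PublicKey, false, root, skCA))
	o.GenuineValid = verifyCE(ceA, roots)
	// Charles forges a CE for "Alice" over his own pk_C, signed by a CA of his own making
	// that even reuses the trusted CA's name; Bob's pk_CA does not verify that signature.
	skC := must(rsa.GenerateKey(rand.Reader, 2048))
	pkFake, skFake, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fakeRoot := must(issueCert("Example CA", pkFake, true, nil, skFake))
	forged := must(issueCert("Alice", &skC.PublicKey, false, fakeRoot, skFake))
	o.ForgedValid = verifyCE(forged, roots)
	// Step 3: Bob encrypts under the pk_A taken from the verified CE.
	msg := []byte("only for Alice") // constructed message
	c := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, ceA.PublicKey.(*rsa.PublicKey), msg, nil))
	o.AliceReads = string(must(rsa.DecryptOAEP(sha256.New(), rand.Reader, skA, c, nil)))
	// The Observation: Charles replayed the genuine CE, so Bob used pk_A, but Charles holds sk_C only.
	_, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, skC, c, nil)
	o.CharlesReads = err == nil
	return o
}
```

Calling Scenario() yields GenuineValid true, ForgedValid false, AliceReads equal to the message and CharlesReads false. The forged certificate fails even though its issuer name matches the trusted CA, because step 2 checks the signature against the \(pk_{CA}\) Bob already trusts, not the name; and the replayed genuine certificate, while valid, gives Charles nothing he can decrypt with.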

Public Key Infrastructure 4/4

To make such use of certificates possible, the whole infrastructure must be maintained. Among other things:

  • Certificate Authorities are responsible for issuing certificates, maintaining public keys, etc.
  • Lists of revoked certificates must be maintained and distributed. A certificate is revoked when it expires or gets compromised (e.g. the secret key used for signing it has been revealed).

Notably, there are alternatives to PKI such as Web of Trust or Simple PKI.




The project Cloud Computing – nowe technologie w ofercie dydaktycznej Politechniki Wrocławskiej (UDA.POKL.04.03.00-00-135/12) is carried out under the Human Capital Operational Programme, Priority IV. Higher Education and Science, Measure 4.3. Strengthening the didactic potential of universities in key areas in the context of the Europe 2020 Strategy objectives, co-financed by the European Social Fund and the State budget.