While it is a relatively simple mechanism to come up with a key pair when generating both keys at the same time, it is extremely difficult (in cryptographic terms, computationally infeasible) to derive one key from the other.

When generating a key pair, one of these keys is designated the public key, and the other is designated the private key. The public key can be made widely available, but the private key should be kept secret and not shared with anyone. As long as that is the case, then you can use this key pair to perform two different functions.

Function Description

Encryption (also called confidentiality)

If someone wants to send you a secret message and doesn’t want anyone else to be able to read it, they can encrypt it with your public key, and since you are the only one with the private key, only you can decrypt it.

Digital signatures

If you encrypt data with your private key, then it can only be decrypted with your public key. Since your public key can be made widely available, then this encryption doesn’t actually protect the content, but it does prove that the message came from you because only your private key could have generated it.


When generating a digital signature, you typically don’t encrypt the entire message, but rather a hash of the message such as using a digest algorithm like SHA-256. This can also provide integrity protection because if the decrypted signature matches the digest of the original message, then it guarantees that not only the message came from you, but that it hasn’t been altered since you signed it.

There are two primary public key algorithms that are used in certificates used for TLS communication: RSA and EC. RSA is based on multiplying really big prime numbers together, while EC is based on computations involving special types of elliptic curves.

RSA is more widely supported, but it’s slower and requires bigger keys to achieve the same level of security as EC. If you need to support legacy clients, then you probably need to use an RSA certificate, and you should choose a key size of at least 2048 bits. But if all of your clients support elliptic curve certificates, then EC might be the better choice, with a key size of at least 256 bits.