Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private. If the lock/encryption key is the one published then the system enables private communication from the public to the unlocking key's owner. If the unlock/decryption key is the one published then the system serves as a signature verifier of documents locked by the owner of the private key. Although in this latter case, since encrypting the entire message is relatively expensive computationally, in practice just a hash of the message is encrypted for signature verification purposes.
This cryptographic approach uses asymmetric key algorithms such as RSA, hence the more general name of "asymmetric key cryptography". Some of these algorithms have the public key/private key property; that is, neither key is derivable from knowledge of the other. The public key is used to transform a message into an unreadable form, decryptable only by using the (different but matching) private key. Participants in such a system must create a mathematically linked key pair. By publishing the public key, the key producer empowers anyone who gets a copy of the public key to produce messages only s/he can read -- because only the key producer has a copy of the private key (required for decryption). When someone wants to send a secure message to the creator of those keys, the sender encrypts it using the intended recipient's public key; to decrypt the message, the recipient uses the private key. No one else, including the sender, can do so.
Thus, unlike symmetric key algorithms, a public key algorithm does not require a secure initial exchange of one, or more, secret keys between the sender and receiver. These algorithms work in such a way that, while it is easy for the intended recipient to generate the public and private keys and to decrypt the message using the private key, and while it is easy for the sender to encrypt the message using the public key, it is extremely difficult for anyone to figure out the private key based on their knowledge of the public key. They are based on mathematical relationships (the most notable ones being the integer factorization and discrete logarithm problems) that have no efficient solution. The use of these algorithms also allows authenticity of a message to be checked by creating a digital signature of a message using the private key, which can be verified using the public key. Public key cryptography is a fundamental and widely used technology. It is an approach used by many cryptographic algorithms and cryptosystems. It underpins such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP, and GPG.
The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public encryption key and a private decryption key. The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to the recipient. Messages are encrypted with the recipient's public key and can be decrypted only with the corresponding private key. The keys are related mathematically, but parameters are chosen so that determining the private key from the public key is prohibitively expensive. The discovery of algorithms that could produce public/private key pairs revolutionized the practice of cryptography beginning in the mid-1970s. In contrast, symmetric-key algorithms, variations of which having been used for thousands of years, use a single secret key — which must be shared and kept private by both sender and receiver — for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance. Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP and the SSL/TLS family of schemes do this, for instance, and are thus called hybrid cryptosystems.