Public keys and private keys are the working parts of public-key cryptography. Together, they encrypt and decrypt data that resides in or moves across a network. The public key is truly public and can be shared widely, while the private key should be known only to its owner. For a client to establish a secure connection with a server, it first checks the server's digital certificate. Then the client generates a session key and encrypts it with the server's public key.
The server decrypts this session key with its private key (known only to the server), and the client and server then use the session key to encrypt and decrypt the messages of that session. In the case of email communication, the sender's private key signs the message and the recipient verifies that signature with the sender's public key. This is why the private key must be kept secret: exposing it lets an attacker intercept and decrypt data and messages, or forge signatures in the owner's name.
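The two flows described above (a session key wrapped with the server's public key, then a symmetric session; and a signature made with the private key and checked with the public key), as an added example that is not part of the original article. It is a toy: textbook RSA with tiny constructed primes and a SHA-256 counter-mode keystream standing in for a real cipher, so it demonstrates the key roles, not a secure implementation.

```python
import hashlib

# Toy RSA parameters (constructed for illustration; real keys use 2048-bit or larger moduli).
P, Q, E = 61, 53, 17

def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; d is the secret part
    return (e, n), (d, n)

def rsa_apply(key, m):
    """Textbook RSA: m^k mod n. Public key wraps/verifies, private key unwraps/signs."""
    k, n = key
    return pow(m, k, n)

def keystream(session_key, length):
    """Derive bytes from the shared session key (SHA-256 in counter mode, toy construction)."""
    out, counter = b"", 0
    while len(out) < length:
        block = session_key.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def sym_crypt(session_key, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))

def session_exchange(server_pub, server_priv, session_key, message):
    """Client wraps the session key for the server; both sides then use it symmetrically."""
    wrapped = rsa_apply(server_pub, session_key)      # client side: only server can unwrap
    recovered = rsa_apply(server_priv, wrapped)       # server side: needs the private key
    ciphertext = sym_crypt(session_key, message)      # client encrypts with its copy
    plaintext = sym_crypt(recovered, ciphertext)      # server decrypts with the recovered copy
    return recovered, plaintext

def sign(priv, message):
    """Sender hashes the message and applies the private key (hash reduced mod n in this toy)."""
    _, n = priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return rsa_apply(priv, h)

def verify(pub, message, signature):
    """Recipient applies the sender's public key and compares with the message hash."""
    _, n = pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return rsa_apply(pub, signature) == h
```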
Because they safeguard critical data, public-private key pairs, and the PKI in general, have to be managed with the utmost diligence.