Interactive PKI Tutorial
Private and Public Keys
Public key cryptography uses a pair of mathematically related keys. The private key must be kept secret, while the public key can be shared freely.
Private Key
Used to:
- Sign data (creates digital signatures)
- Decrypt data encrypted with the public key
⚠️ Must be kept secret and protected!
Public Key
Used to:
- Verify signatures created by the private key
- Encrypt data (only the private key can decrypt it)
✓ Safe to share publicly
Example: End Entity Key Pair
Private Key
-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrUGhyAUwd3jWr 1YLHvuS2kKFVWMk7Xezoicx8RD2v/NoBXt7kaJcgUoUuq/5U+ASgj6yGWyl6Cnlw oVVfaY3H7tTLs9Qj+HWpm6BOH1TFz0ooDXjiNaHB1ceai40QQI1jMxe/pih9wYvV MYNXohgTyK5sc+AngVdXZqz/rj59IlgeVal873ReEZyHEUUDNkoBSy2DrRXv/Vfk 6ouVm1d+1c114Sk6apkkJ60uGlMC7DTWyowkoqBsrDYFbFCoWpb4Ef3Tk2V5DpCQ 3D8IJWV/1llj3gaPqib790njxixaZ+wHZWJ3QjR4LUeIIcyHroty9veIOX8rCI0c xXzY/iHzAgMBAAECggEADn4H+YD9/fBy4Bb48DBIOK0fVARMF09L5j4ZN0THzSmZ 2nZt0USLaFevkZh8mvzvDOAqnnEVOKnf+egdonhgK9MBKG+NjJkNTYXvUTyNFz2a dROMSUkNM12EFbq+Rur9d8nDAnQqRiOUUm3Uweb7nEAK7vzJSfF2QI9C8+kH7ndQ xlkkCWTIw9m9IXQmF9rr498wJDkkcmEIO4lCDAwX0PodP1PsI3iAIvqJbpc17o6g jBSQXU7FHp77F2ct1nFtjmPfuMHxLfL++i/O62LRisLfLcS0jCi/pkaxWzHim1g9 +6JrvTa7XR5UKU00lkCiUvc8nBevV1iyc4H3rLczMQKBgQDVshx4HU8tF3spRZ0Y +6yg6Ddt3pBNhhh1pvW4roRF90wGiUFkZ3pz56ahGuMyilQ5J3Arfaw1/zkeKHYD 5U0uU+kQ9FYK4SBpP9NgPf6zkvBVz2X3J005t7IyAQOtqQncHVG6cKpvBrY1mB+C gv0p16B4CYRvu92JneCBpu0J8QKBgQDNOm/DcCDN7icaqzug1rTvEUwxTNSugPWm QdvMMqPgeWqZMe86jEnGnEXQKCYyre/rRPNzcAWOKbcTj3L688hc7P7JBSfio9Eh mKJ1Phv1PsMLLIZSrpYg1rCF50YVvpNuIaAZd6iomGHGZeoNYzn3+MVHMmARkho4 R0HQDNwmIwKBgQDKbhjt58XTD0VKSXmR6wcSvieT2puT9I1DFk/7DMaciLDqGCdr 92JWXYDJaHEEtWknYyas7DWwSP9QhD+XXSYJ1s8Xkn3XfH95dE7GArQ+Y9lrUDZl NEPBgzQ4jiFv5otCijubg5LP7em5R0vCFFfBxVNroohkV/B6pqW/6+Lr4QKBgDMh hAblQMcNtqBmWQzRcXK+lIUT50kyyAEMF37gfwPGPFC+qCOmIBtjg+FAn4Ow4j1z iFQSbM/mhL5S1wq/AgRk53Wd2zoUJl6AcLlVKBIJ+P4nsa+X379+vawe2s9AE+s0 ZXby4QpgLLwJWC7Nsfud90itvFGkXPP4jOUQzyiRAoGAXLfJRK2re7oKmZ8V5PjW dloEaE2CJOaxdX2/hla/4XLNIaw4h992EdBdZsCvNZbR/em20YmCQbI45xAsPNAW TKcQ3ICOTT6gMLgPZi7l/j2zxziStTrhgWRHPn7n8YEGZ59Mf1U8B/1Zm/AuCB+Z 4WU/hll/bjROwvzOpL/RtIM= -----END PRIVATE KEY-----
⚠️ This private key is shown unencrypted for educational purposes only. In production, private keys must always be stored securely.
Public Key
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1BocgFMHd41q9WCx77k tpChVVjJO13s6InMfEQ9r/zaAV7e5GiXIFKFLqv+VPgEoI+shlspegp5cKFVX2mN x+7Uy7PUI/h1qZugTh9Uxc9KKA144jWhwdXHmouNEECNYzMXv6YofcGL1TGDV6IY E8iubHPgJ4FXV2as/64+fSJYHlWpfO90XhGchxFFAzZKAUstg60V7/1X5OqLlZtX ftXNdeEpOmqZJCetLhpTAuw01sqMJKKgbKw2BWxQqFqW+BH905NleQ6QkNw/CCVl f9ZZY94Gj6om+/dJ48YsWmfsB2Vid0I0eC1HiCHMh66Lcvb3iDl/KwiNHMV82P4h 8wIDAQAB -----END PUBLIC KEY-----
✓ This public key can be safely shared and will be embedded in the certificate.
Key Concept: These keys are mathematically related. The public key (shown above) will be embedded in the certificate (Chapter 2), allowing others to verify signatures created with the private key and encrypt data that only the private key can decrypt.
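The four operations listed above, plus the storage point from the warning, as an added example that is not part of the original tutorial. It uses Node.js's built-in `crypto` module and generates a fresh RSA pair rather than reusing the key printed on this page; the function names, the OAEP and SHA-256 choices, and the AES-256-CBC passphrase wrapping are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Fresh 2048-bit RSA pair in the same containers the page shows:
// PKCS#8 ("BEGIN PRIVATE KEY") and SPKI ("BEGIN PUBLIC KEY").
function newKeyPair() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// "Mathematically related": the public key can be recomputed from the
// private key, which is why only the private half needs protecting.
function derivePublicPem(privatePem) {
  return crypto.createPublicKey(privatePem).export({ type: "spki", format: "pem" });
}

// Private key signs (RSA PKCS#1 v1.5 over SHA-256); public key verifies.
function sign(privatePem, message) {
  return crypto.sign("sha256", Buffer.from(message), privatePem);
}
function verify(publicPem, message, signature) {
  return crypto.verify("sha256", Buffer.from(message), publicPem, signature);
}

// Public key encrypts (RSA-OAEP); only the matching private key decrypts.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
function encrypt(publicPem, plaintext) {
  return crypto.publicEncrypt({ key: publicPem, ...OAEP }, Buffer.from(plaintext));
}
function decrypt(privatePem, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privatePem, ...OAEP }, ciphertext).toString();
  } catch {
    return null; // wrong private key or corrupted ciphertext
  }
}

// Storage form: the same key wrapped under a passphrase
// ("BEGIN ENCRYPTED PRIVATE KEY") instead of the bare PKCS#8 form.
function protectPrivateKey(privatePem, passphrase) {
  return crypto.createPrivateKey(privatePem)
    .export({ type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase });
}
function unlockAndSign(encryptedPem, passphrase, message) {
  return crypto.sign("sha256", Buffer.from(message), { key: encryptedPem, passphrase });
}
```

A signature checked against a different public key, or over an altered message, verifies as `false`, and `decrypt` returns `null` when handed any private key other than the one paired with the encrypting public key.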