To me, the "lock that turns two ways" analogy is good but slightly forced. A private key is a key that can be used to generate any number of public keys that are secretly related to it ... and they share one critical, so-called asymmetric, magickal-voodoo, mathematical property:

- A message that is encrypted with one type of key can only be decrypted by the other type.

Bob can encrypt a message using one of Alice's public keys, but, having done so, cannot reverse the process. Edgar, who was issued another of Alice's keys, also can't read Bob's (or Edgar's) message. Only Alice can. Likewise, Alice can create a message that she can't read, but Bob or Edgar can. (Of course, Alice alone has the privilege of generating yet another public key with which to subsequently read her own message. But completing the round trip from plaintext to ciphertext and back again requires two keys, one of which is kept secret and the other of which need not be.)

Likewise, if either Bob or Edgar receives a message and is able to decrypt it using either one of the public keys, they therefore know that the message must have come from Alice (or someone who is in possession of Alice's private key), because only the possessor of that one private key could have created a message that they were able to decrypt.

The other essential concept is that of message signatures, created by "hashing" algorithms such as SHA1 or MD5. Alice can sign a message – even if she does not encrypt the body of it – by attaching a signature which consists of a hash of her message that is then encrypted using her private key. Bob or Edgar can decrypt the hash – discovering that they can do so – and then check it – discovering that it matches. Ergo, the message must be authentic and untampered with.

Certificates can also be signed. In fact, a "certificate" is a bundle that contains a public key and one or more confirming "signatures." Both the key and the accompanying signatures are (securely) shared during the initial handshake exchange. So, you can't (somehow) steal a key from one certificate and drop it into another, because you can't sign the result.

Because these technologies are secure but expensive, most crypto technologies use symmetric ciphers ... and randomly generated keys ... to secure the body of the message, then use asymmetric techniques to conceal the keys in the same way that message signing secures the hash values. This is what allows you to use PGP to generate an encrypted document that only certain people (but several people) can read. Readers must possess their secret private keys in order to read the document, but the preparer of the document needs only their public keys to do so. "Brute forcing" the underlying symmetric key is infeasible.
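As an added example, not part of the original post: a toy Python walk-through of the two mechanisms described above, a hash that is transformed with a private key and checked with the matching public key, and a hybrid-encrypted document whose random session key is wrapped separately for two readers. Everything in it is constructed for illustration: the names Alice, Bob and Edgar, the sample message, and the keys, which are unpadded textbook RSA over fixed Mersenne primes (real keys use fresh random primes and padding). The hash is SHA-256, and the "symmetric cipher" is a SHA-256 counter-mode keystream standing in for a real cipher such as AES, so the block shows the mechanics only and must not be used for anything real.

```python
import hashlib
import secrets


def make_toy_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA keypair from two primes: public (n, e), private (n, d).
    No padding, fixed primes: illustration only, not a usable key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # d is the inverse of e mod phi(n)
    return (n, e), (n, d)


# Constructed keys built from Mersenne primes so the example is deterministic.
# Real keys use freshly generated random primes of ~1024 bits or more.
ALICE_PUB, ALICE_PRIV = make_toy_keypair(2**127 - 1, 2**521 - 1)
BOB_PUB, BOB_PRIV = make_toy_keypair(2**607 - 1, 2**1279 - 1)
EDGAR_PUB, EDGAR_PRIV = make_toy_keypair(2**61 - 1, 2**2203 - 1)


def rsa_apply(key, value: int) -> int:
    """The trapdoor step: value^exp mod n, using either half of the pair."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)


# --- Signatures: hash the message, apply the private key to the hash ---

def sign(private_key, message: bytes) -> int:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(private_key, digest)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, _ = public_key
    if not 0 <= signature < n:          # cannot have been made under this key
        return False
    recovered = rsa_apply(public_key, signature)
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return recovered == expected


# --- Hybrid encryption: random session key for the body, RSA for the key ---

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for AES."""
    keystream = b""
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def encrypt_for(recipient_public_keys, plaintext: bytes):
    """Encrypt the body once, then wrap the session key for each recipient."""
    session_key = secrets.token_bytes(32)
    body = _stream_xor(session_key, plaintext)
    wrapped = {name: rsa_apply(pub, int.from_bytes(session_key, "big"))
               for name, pub in recipient_public_keys.items()}
    return body, wrapped


def decrypt_with(private_key, wrapped_key: int, body: bytes) -> bytes:
    """Unwrap the session key with one private key, then decrypt the body.
    The wrong private key yields a garbage session key and garbage output."""
    key_int = rsa_apply(private_key, wrapped_key)
    key_bytes = key_int.to_bytes((key_int.bit_length() + 7) // 8, "big")
    return _stream_xor(key_bytes, body)


def demo():
    message = b"Meet at the usual place at noon."   # constructed sample input
    sig = sign(ALICE_PRIV, message)
    results = {
        "alice_sig_ok": verify(ALICE_PUB, message, sig),
        "tampered_fails": verify(ALICE_PUB, message + b"!", sig),
        "bob_cannot_forge": verify(ALICE_PUB, message, sign(BOB_PRIV, message)),
    }
    body, wrapped = encrypt_for({"bob": BOB_PUB, "edgar": EDGAR_PUB}, message)
    results["bob_reads"] = decrypt_with(BOB_PRIV, wrapped["bob"], body) == message
    results["edgar_reads"] = decrypt_with(EDGAR_PRIV, wrapped["edgar"], body) == message
    # Edgar's private key does not unwrap the copy made for Bob.
    results["edgar_wrong_copy"] = decrypt_with(EDGAR_PRIV, wrapped["bob"], body) == message
    return results


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```

The point the code makes concrete is that the signature is built from the hash, not the message, so it stays the same size however long the message is, and that one ciphertext body carries a separately wrapped copy of the session key per reader, which is how a PGP message addressed to several people is laid out.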