TLS uses digital certificates for authentication. Certificate-based authentication rests on the properties of a public/private key pair, and this page provides the necessary background on those properties.

There are algorithms that generate a random pair of keys with the following two properties:

  1. It is impractical (in terms of effort and computing time) to recover one key of the pair when only the other key is known.
  2. A message encrypted with one key of the pair can only be decrypted with the other key of the pair.

Typically, a person or entity generates one such random key pair, makes one key public and publicly associates it with their name. The second (matching) key is kept secret, which allows its owner to decrypt messages encrypted with the public key, or to confirm their identity by proving possession of the matching secret key.
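The following textbook RSA implementation is an added example (not part of this page) that makes the two properties concrete: the private exponent `d` can only be computed from the factors of the modulus (property 1), and whichever key of the pair transforms a message, only the other key undoes it (property 2). It deliberately uses a tiny 64-bit modulus and no padding so it stays readable; it is an illustration of the mathematics, not a usable cryptographic library.

```python
# Textbook RSA with tiny parameters to illustrate the two key-pair properties.
# Constructed example: no padding, 64-bit modulus, not secure for real use.
import random
from math import gcd

def is_probable_prime(n, rounds=25):
    """Miller-Rabin primality test; adequate for this illustration."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if is_probable_prime(c):
            return c

def generate_keypair(bits=64):
    """Return ((e, n), (d, n)): the public key and its matching private key."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    n = p * q
    d = pow(e, -1, phi)  # property 1: computing d needs phi, i.e. the factors of n
    return (e, n), (d, n)

def apply_key(m, key):
    """Property 2: m -> m^k mod n; only the other key of the pair reverses it."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative integer below the modulus")
    return pow(m, k, n)
```

Applying the public key then the private key models encryption for the key owner; applying the private key then the public key models a signature that anyone holding the public key can verify.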

The first property allows one key of the pair to be made public without the risk that anyone will recover the second (private) key, which is kept secret. Recovering one key from the other typically amounts to solving a mathematical problem that has no analytical solution and no fast numerical algorithm. The computing time required grows exponentially with key length, so the key must be long enough to make the task impractical. Two well-known such mathematical problems are:

The second property allows the pair to be used for: