Encryption and signature are two different concepts, and both involve the concept of public key and private key. A public key and a private key are equivalent to a key and a lock. A lock can be used to lock things, and a key can be used to open the corresponding lock. A key can only open one lock. Of course, both keys and locks can be copied.
Encryption is equivalent to generating a lock and a key by myself, and then sending the lock to you. You use my lock to lock what you want to send to me, and then send it to me. After I receive it, I use the key to open the lock. Everyone in the world can get my lock, but only I have the key to this lock. In this example, the key is equivalent to the private key, and the lock is equivalent to the public key. Digital encryption involves three processes:
- Generating a pair of public and private keys
- Encryption: public key + plaintext -> ciphertext
- Decryption: private key + ciphertext -> plaintext
Signature is equivalent to generating a lock and a key by myself, then locking the content I want to publish with my lock to form a signature, publishing the content and signature together, and telling everyone what my key is. People can get the key to open the content of the signature to verify that it is the same as the published content. Everyone in the world can get the key to verify the consistency of the signature and the content, but only I have the lock for the signature. In this example, the key is equivalent to the public key, and the lock is equivalent to the private key. Digital signature involves three processes:
- Generating a pair of public and private keys
- Signature: private key + content -> signature
- Verification: public key + signature + content -> whether the content has changed