What is a Private Key

A private key is one half of a mathematically linked key pair used in asymmetric cryptography. You never share your private key with anyone. It decrypts data that was encrypted with your public key and creates digital signatures that others verify with your public key.

How it works

When you generate a key pair, the algorithm produces two values that are mathematically linked. The private key is the secret half. In RSA, the private key contains the prime factors of a large number — knowing those factors lets you decrypt, while the public key only contains the product. In elliptic curve cryptography, the private key is a scalar that, when multiplied by a known curve point, produces the public key.

Private keys serve two purposes:

• Decryption — someone encrypts a message with your public key. Only your private key can decrypt it.
• Signing — you sign a message with your private key. Anyone with your public key can verify the signature is authentic and the message has not been altered.

If your private key is compromised, the attacker can decrypt all messages sent to you and impersonate you by creating valid signatures. This is why private key security is paramount:

• Store private keys in hardware security modules (HSMs) or secure enclaves
• Use OS keychains (macOS Keychain, Windows DPAPI) rather than plaintext files
• Protect SSH keys with passphrases
• Rotate keys regularly and revoke compromised keys immediately

Why it matters

The security of every TLS connection, SSH session, code signature, and cryptocurrency wallet depends on private keys staying private. A compromised server private key breaks TLS for that domain. A compromised signing key lets attackers push malicious code. Private key management is not an implementation detail — it is the foundation of trust in all asymmetric cryptography.

See How Asymmetric Encryption Works for the full explanation.