Public-key encryption is an encryption technique that involves a pair of keys instead of only one key like with symmetric encryption. The key pair consists of a Public Key and a Private Key that are created to work together. Anything encrypted with one key can only be decrypted by the other key.

The Public Key is meant to be distributed at large and the Private Key is meant to be held only by a single party. The Public Key, which can be held by many parties can be used to encrypt a message to be sent to the holder of the Private Key. Only the holder of the Private Key can decrypt the message. The reverse process (using the PrivateKey to encrypt data) is useful for digitally signing documents, so that, for example, the holder of the Private Key can use it to encrypt data which only holders of the Public Key can decrypt. The holders of the Public Key can then be sure that the author of the encrypted data can only be the holder of the Private Key.

Public-key encryption is generally slower than symmetric encryption and is therefore less suited for encrypting large amounts of data. The public-key encryption algorithm currently supported by the Xceed Encryption Library is the RSA algorithm. See the definition of Digital Envelope in this manual for a description of a technique which provides the flexibility of a public-key encryption algorithm with the speed of a symmetric encryption algorithm.