Asymmetric Cryptography

Also known as: Public-Key Cryptography

Uses a pair of linked keys — one to sign or encrypt, another to verify or decrypt. What one key does, only the other can undo.

Asymmetric cryptography is the model behind most modern security, including the DKIM signatures that authenticate your email. It uses a pair of mathematically linked keys: one that locks (or signs) and one that unlocks (or verifies). Crucially, the two are different — what one key does, only the other can undo.

This is what makes it possible to prove authenticity in public. You keep the private (locking) key secret and publish the public (unlocking) key for the whole world to see. When you sign something with your private key, anyone can use your published public key to confirm it really came from you and wasn't altered — without ever having access to the secret key itself.

In email, your outgoing server signs each message with a private key only you hold, and you publish the matching public key in DNS. A receiving server uses that public key to verify the signature. If it checks out, the message is authentic; if it doesn't, the recipient knows not to trust it.
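The sign-then-verify flow described above, as an added example that is not part of the original page. It uses textbook RSA over a SHA-256 digest with a constructed, deliberately weak key so that it runs on the Python standard library alone; real DKIM uses padded RSA or Ed25519 signatures over canonicalized headers and body, and the DNS name, the `PUBLISHED_KEYS` dictionary standing in for DNS, and all function names are assumptions made for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Build a linked key pair from two primes (textbook RSA, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: inverse of e modulo phi
    return (n, e), (n, d)          # (public key, private key)

def digest(message, n):
    """SHA-256 of the message as an integer, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    """Anyone holding the public key can check it; the secret is never needed."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed demo keys: Mersenne primes, used only to avoid key-generation
# code. A modulus like this is trivially factorable; never use it for real.
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
_, IMPOSTOR_PRIVATE = make_keypair(2**127 - 1, 2**1279 - 1)

# Stand-in for DNS (hypothetical name): the sender publishes only the public key.
PUBLISHED_KEYS = {"selector1._domainkey.example.com": SENDER_PUBLIC}

def receive(message, signature, dns_name):
    """Receiving server: look up the published key, then verify the signature."""
    public_key = PUBLISHED_KEYS.get(dns_name)
    if public_key is None:
        return "no key published"
    return "pass" if verify(message, signature, public_key) else "fail"

if __name__ == "__main__":
    name = "selector1._domainkey.example.com"
    mail = b"From: billing@example.com\r\n\r\nInvoice attached."
    sig = sign(mail, SENDER_PRIVATE)
    print("authentic message:", receive(mail, sig, name))
    print("altered message:  ", receive(mail + b" Pay now.", sig, name))
    print("impostor's key:   ", receive(mail, sign(mail, IMPOSTOR_PRIVATE), name))
```

The receiver in this sketch only ever touches the published public key, which is why publishing it gives away nothing that would let someone else sign.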