Put simply cryptography is the art and science of keeping information secure. This involves the use of encryption (and decryption). The use of cryptology in today's world also means that there must also be checks to ensure that a communication was indeed written by the person it claims as the author (using digital signatures). In addition cryptographic systems must ensure that a message after decryption corresponds to the original message prior to encryption.
Traditional cryptography is based on the sender and receiver of a message having the same secret key, i.e. the same key is used for both encryption and decryption. This method is known as symmetric cryptography. The problem with this method is that the sender must communicate the secret key to the receiver; the sender cannot guarantee that the key will not be disclosed to unauthorised persons during communication.
Key management
Key management describes the generation, transmission, and storage of cryptographic keys. As symmetric cryptography has always experienced key management problems, the concept of public-key cryptography was introduced.
Public-key cryptography
In public-key cryptography each person gets a pair of keys, one private and one public. Public keys are available to everybody, but private keys are kept secret. Communications transmit public keys, whilst no private key is ever transmitted or shared. Encrypted messages are sent openly without the need of secure lines of communication, and are decrypted using private keys. The only requirement is that public keys be associated with their owners (for example in a trusted directory). This method can also be used for authenticating messages (using digital signatures).
Encryption
When Sue wants to send a secret message to Bill, she uses Bill's public key to encrypt the message and sends it off. Bill then uses his private key to decrypt the message so that he can read it. No one can decrypt the message without Bill's private key. This security of this system for communication depends upon the assumption that it is not possible to work out private keys from their corresponding public keys.
Digital signatures
For Sue to sign her message to Bill she does a computation involving both her private key and the message itself. The result of this computation is called a digital signature, which is attached to the message prior to its transmission. After receiving the message Bill wants to verify it as being genuine. He therefore carries out a computation using the message, the signature he has received, and Sue's public key. If the result of this computation is compatible with a simple mathematical relation then Bill knows that the message is genuine, i.e. it isn't fraudulent and hasn't been tampered with.
Public-key cryptography does have distinct advantages over symmetric cryptography:
As with most things there are also disadvantages:
There are situations where public-key cryptography is not necessary, and secret-key cryptography alone is sufficient, for example where two parties meet in private to exchange secret keys.
In addition public-key cryptography is not necessary in a single-user environment, so that if you wish to encrypt your own personal files you can use any secret-key encryption algorithm using say your personal password as the secret key.
In general public-key cryptography is best suited for an open multi-user environment, and is not meant to replace secret-key cryptography. A combination of both methods offers the best level of security.