If I give someone only the public key, can he write messages for himself?

I want to distribute license keys, which an application at the customer premi开发者_StackOverflowses will need to decode.

I was thinking to give him the private key, so that the app can decode, and keep the public key for myself in order to encrypt license files.

Now, the n00b question is: if I give him only the private key and keep the public key very, very safe, can he create license files which can be decrypted by the private key?

I know that I seem to be standing everything on its head here, but I hope that you can see why.

No, he can't.

Keys are made in pairs; one is called "public" and the other "private", but that's an arbitrary choice. I think you're using the terms in an odd way (the keys are "public" and "private" from the point of view of the customer), but the scheme is secure as far as it goes.

The private key is what you keep safe. The public key gets distributed to the general public... hence the names, private & public.

Anything encrypted with one of the keys can only be decoded by the other key, which is the whole point of public key encryption. In this case, you'd encode the license key file with the private key, and then the user can decrypt it with the public key. Of course, anyone else with a copy of the public key can decrypt the license file as well, but that's another problem.

Functionally, there's no difference between the two keys. It's entirely arbitrary which is public and which is private. Just never ever reveal the contents of whichever key you decide is the private one.

This answer is almost a year late, but I just happened to come across this question.

If you don't mind that the license key file is readable (after all, the customer has the key to decrypt it), instead of encrypting the file, why don't you just digitally sign it?

You would sign the file with the private key, which you keep safe, and verify the signature in the app using the public key, which the customer gets a copy of. The license key file cannot be modified without breaking the signature.