# Why in the public API use of public key and secret?

Noticed that some services for authentication use the approach of giving users 2 keys instead of one: public key and secret. Can't understand why this is necessary if the requests still are under the hood and signed using the token which is generated from the previous two keys. Why not throw the extra step of generating the token, it immediately generates it on the dashboard and use? Or am I missing something?
March 19th 20 at 09:06
March 19th 20 at 09:08
Solution
To answer this question it is necessary to understand what is asymmetric encryption.

A brief explanation. Asymmetric encryption is used for secure data transmission in an obviously unsafe environment. Using symmetric encryption algorithms, both parties must agree in advance about what key to use, which is potentially unsafe because the key can be intercepted and perform an attack of type MITM or listening, or forging packets.

Commonly used Diffie-Helman as the most simple. Important! In its pure form, the implementation of this algorithm is vulnerable to several types of attacks so often used modified versions of it.

It works like this.
Alice and Bob want to exchange messages.
1 step. They publicly agree on using a specific formula to calculate the correctness of their keys. For this example, - a^x (mod b), where A public key using a formula and b is a public key of the opponent, and x is the secret key.
Step 2. Each thinks up a secret number. For Alice, for example, 3 and Bob - 6. This number is not transmitted anywhere but is computed the execution result of the original formula. A^3(mod B), and the result (for Alice and Z - for Bob - U).
Step 3. They exchange the results and evaluates the formula, by substituting the number of the resulting value of the opponent. For Alice this will be Z^3(mod B). And the result of this action the key (it will be the same for both) will be the key signature for the exchange of further messages.
March 19th 20 at 09:10