How it works
The server generates an RSA key pair: a private key and a public key. As their names imply, the private key should be kept secret and the public key can be given to anyone. Anyone with the public key can use it to encrypt a message that can only be decrypted by someone with the private key. Here, the message is encrypted on the client side (in the browser) and then sent to the server to be decrypted. Because this is a demonstration, the private key is not saved on the server and is therefore sent along with the encrypted message. In practice, the private key would be saved on the server.
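The flow described above, with the private key kept on the server as it would be in practice, as an added Node.js example (not the demo's own code). The function names, the 2048-bit key size and the OAEP/SHA-256 padding are assumptions, since the page does not state the demo's parameters.

```javascript
// Added example: RSA encrypt on the client, decrypt on the server.
const nodeCrypto = require('node:crypto');

// Assumed parameters: OAEP padding with SHA-256 (the page names none).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side: generate the pair once and expose only the public half.
function createServer() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // The private key stays inside this closure and is never sent anywhere.
    decrypt(ciphertextB64) {
      const plain = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(ciphertextB64, 'base64'));
      return plain.toString('utf8');
    },
  };
}

// Client side: holds nothing but the PEM-encoded public key.
function clientEncrypt(publicKeyPem, message) {
  const ct = nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(message, 'utf8'));
  return ct.toString('base64');
}

// RSA-OAEP can only encrypt k - 2*hLen - 2 bytes (k = modulus size in bytes).
function maxOaepPlaintext(modulusBits, hashBytes) {
  return modulusBits / 8 - 2 * hashBytes - 2;
}

function demo() {
  const server = createServer();
  const otherServer = createServer(); // a different private key
  const ct = clientEncrypt(server.publicKeyPem, 'constructed sample message');
  const roundTrip = server.decrypt(ct);
  let wrongKeyFails = false;
  try { otherServer.decrypt(ct); } catch (e) { wrongKeyFails = true; }
  let oversizeFails = false;
  const tooLong = 'A'.repeat(maxOaepPlaintext(2048, 32) + 1);
  try { clientEncrypt(server.publicKeyPem, tooLong); } catch (e) { oversizeFails = true; }
  return { roundTrip, wrongKeyFails, oversizeFails };
}

console.log(demo());
```

Because of the size limit, RSA is normally used to encrypt a short symmetric key rather than the message itself.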
Give it a try! After you have seen it work, try to 'break' it 😈
Spoilers
Warning