As I understand, we choose the public and private keys to be mutual inverses. However, it is possible that, in a group, there can be numbers which are their own inverses. E.g. Consider p = 7, q = 3. n = 21, phi(n) = 12. For the group G = {s | gcd(s,21) = 1} there are four numbers 1, 8, 13 and 20 which are their own inverses.
In such a case, it is possible to choose these numbers as both private and public keys. Isn't it?
Let me know if I have understood this correctly.
That's correct. In some cases, you could, if you really wanted, make a public key equal the private key. It would completely negate the benefit of using a public key cryptosystem, though, because access to the public key would imply access to the private key. It would turn it into a crappy symmetric scheme.
As noted in comments, most common RSA implementations set the public exponent to a fixed value, usually a Fermat prime like 3 or 65537. In that case, for an appropriately-sized modulus, there is no chance for the private exponent to equal the public exponent. The private exponent is always larger.
