From time to time we hear the word encryption. So, what exactly is encryption?
According to Wikipedia, encryption is:
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
Nowadays, there are two well-known types of encryption algorithms used to encrypt data. They are called symmetric and asymmetric.
The main difference between the two lies in how the cryptographic keys are used to decode the messages.
Symmetric encryption involves only one secret key to encode and decode information. It uses a secret key that can either be a number, a word or a string of random letters.
The secret key is used together with the encryption scheme to encrypt the plaintext to ciphertext. The sender and recipient need to know the secret key used in order to communicate effectively.
Examples of symmetric encryption include Blowfish, AES, RC4, DES, RC5, and RC6.
The main disadvantage of symmetric encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt with it.
So, what is asymmetric encryption?
Asymmetric encryption is a branch of cryptography where a secret key is divided into two parts: a public key and a private key. The public key can be given to anyone, trusted or not, while the private key must be kept secret.
Either of the keys can be used to encrypt a message; the opposite key from the one used to encrypt the message is used for decryption.
Here is a brief explanation of key pairs…
A public-private key pair implies that if we lock (encrypt) the data with one of them, it can only be unlocked (decrypted) with the other one.
That is, if we encrypt the data with a Private Key, it can only be decrypted using its paired Public Key and nothing else.
Similarly, if we encrypt the data with a Public Key, it can only be decrypted using its corresponding Private Key.
Asymmetric encryption is also known as Public Key Cryptography since one needs to create a matching key pair and make one public while keeping the other secret.
Asymmetric cryptography is mainly used for authentication and confidentiality.
For example, messages can be signed with a private key, and then anyone with the public key is able to verify that the message was created by someone possessing the corresponding private key.
Then, by using a proof-of-identity system, we can identify the person or group that actually owns that private key, thus providing authentication of the message.
How encryption with asymmetric cryptography works…
Someone with the public key is able to encrypt a message, and then only the person in possession of the private key is able to decrypt it, thus providing confidentiality of the communication.
Examples of asymmetric encryption algorithms
- RSA (Rivest-Shamir-Adleman) – widely used network protocols such as SSL/TLS and SSH rely on RSA for digital signatures between client and server devices.
- DSA (Digital Signature Algorithm) – developed by the NSA as an alternative to RSA for use in verifying the authenticity of digital documents.
- ECC (Elliptic Curve Cryptography) – especially suited to mobile devices due to its small size when compared to RSA and DSA. ECC uses fewer computational resources than RSA/DSA.
Benefits and Drawbacks of asymmetric encryption
Asymmetric encryption solves the problem of having to share the cryptographic key beforehand.
However, asymmetric encryption is much more demanding in terms of the computational resources needed to encrypt and send data.
For this reason, asymmetric encryption is not as effective in real time as symmetric encryption.
Most protocols such as SSL/TLS use a hybrid method for better performance.
For example, the client and server asymmetrically decide on a symmetric key (in a process called handshake) to use throughout the current browsing session.
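The hybrid idea described above, as an added example that is not part of the original article: the bulk data is encrypted with a fresh symmetric key, and only that small key is encrypted with the recipient's public key. It assumes Node.js with its built-in crypto module, RSA-OAEP and AES-256-GCM as the algorithms, and hypothetical function names; it illustrates the principle and is not the actual SSL/TLS handshake.

```javascript
const crypto = require('node:crypto');

// Recipient's key pair: the public half is shared, the private half stays secret.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Shared RSA options (assumption of this example: OAEP padding with SHA-256).
function rsaOptions(key) {
  return { key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
}

// Sender: encrypt the message with a fresh symmetric key (fast), then
// encrypt only that 32-byte key with the recipient's public key (slow).
function hybridEncrypt(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32); // AES-256 key, used for one message
  const iv = crypto.randomBytes(12);         // GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(rsaOptions(publicKey), sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: recover the symmetric key with the private key, then decrypt.
// Throws if the private key does not match or the message was modified.
function hybridDecrypt(privateKey, msg) {
  const sessionKey = crypto.privateDecrypt(rsaOptions(privateKey), msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// True when decryption succeeds, false when it is rejected.
function canDecrypt(privateKey, msg) {
  try { hybridDecrypt(privateKey, msg); return true; } catch { return false; }
}

// Constructed sample run: the message and both key pairs are made up here.
const recipient = newKeyPair();
const outsider = newKeyPair();
const sealed = hybridEncrypt(recipient.publicKey, 'constructed sample message');
console.log(hybridDecrypt(recipient.privateKey, sealed)); // recipient reads it
console.log(canDecrypt(outsider.privateKey, sealed));     // another key pair cannot
```

The RSA operation only ever touches 32 bytes regardless of message size, which is why the hybrid approach keeps the cost of the asymmetric step constant.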
The key to the successful use of asymmetric encryption is a key management system that implements a Public Key Infrastructure. Without this, it is difficult to establish the reliability of public keys or even to conveniently find suitable ones.
Difference between symmetric and asymmetric encryption
- Symmetric encryption uses one key for both encryption and decryption, while asymmetric encryption uses two cryptographic keys known as the Public Key and the Private Key.
- Symmetric encryption is a lot quicker than asymmetric encryption.
- Symmetric encryption has been around longer than asymmetric encryption.