Asymmetric Encryption: What It Is & Why Your Security Depends on It – Hashed Out by The SSL Store

From securing websites to signing software, you'll find asymmetric cryptography (including encryption) in use virtually everywhere online. Here's what you need to know about the cryptographic process that helps keep your data secure online.

Asymmetric encryption is the backbone of internet security. Without it, stealing your critically sensitive data is as easy as taking candy from a baby for most cybercriminals. We've seen plenty of painful reminders over the last few years in data breaches that resulted from expired SSL/TLS certificates. (Hence why we always talk about the importance of certificate management to avoid these issues.)

But what is asymmetric encryption? We'll start with a quick public key encryption definition before moving on to explore this more technical topic at length. Don't worry, we'll try to keep this briefer than our usual tome-style explanatory posts.

Let's hash it out.

To put it simply, asymmetric encryption encrypts and decrypts the data shared between two parties in public, insecure channels (like the internet). This process involves using two separate but related keys. In a nutshell, it's all about securing your sensitive information to keep it out of the hands of unauthorized users or entities (e.g., cybercriminals) when you need to upload it to a website, send it via email, etc.

Asymmetric encryption is also part of what's known as asymmetric key cryptography and public key cryptography because the two keys used are mathematically related but unique (hence, asymmetric):

Here's a basic look at how this process occurs using the two keys:

Frankly, asymmetric encryption is a term that sounds more complex and intimidating than it actually is. Once you understand the basics, the whole thing will make a lot more sense. But if all of this is a bit hard to grasp, let's imagine that you have a special safe that uses two locks: one key locks the safe and the other opens it. Likewise with asymmetric encryption, anyone who has access to the public key can use it to encrypt data, but only the person who has access to the private key can decrypt that information.

Asymmetric encryption is at the heart of a framework known as public key infrastructure. We aren't going to get into the specifics of how PKI works because, frankly, describing it in every article is a bit of a time suck and gets monotonous. So, we'll just give you a quick summary before moving on: PKI is the foundation of technologies, policies, and processes that enables us to send sensitive data securely across the internet. It relies on a combination of public- and private-key algorithms, digital certificates, and policies.

The purpose of encryption is to ensure that any sensitive data you want to share with a specific person is kept secret from everyone except your intended recipient. This is necessary because we live in a time when we share and transmit data via multiple ISPs and routers, and many miles of cables beneath the oceans.

Historically, you used to have to meet up with someone face to face to exchange messages or secret keys to unlock future communications. (This is known as key distribution.) This process typically required taking a horse, boat or train to meet up with the other party to give them a copy of your secret key. But with the internet, these time-consuming rendezvous needed to exchange communications have been replaced with near-instant digital communications via the internet.

This is all fine and dandy except for one (not so teensy) little issue: the internet is incredibly insecure. Without a way for users to securely exchange keys to encrypt their data, anyone could intercept the communications in transit. Asymmetric encryption solves this key distribution issue by creating a way to securely exchange keys (or key-related data) without ever having to meet the other party in person.

Encryption works by applying a complex mathematical formula to your original plain text (readable) data to convert it into a long, indecipherable data string. So, if you took the message "I can't wait for season 4 of Stranger Things!" and encrypted it using a 2048-bit RSA public key (more on RSA later), you'd wind up with a gibberish message that looks like this:

Clearly, this isn't something that any human being can make heads or tails of in terms of deciphering the message, which is a good thing when it comes to keeping your sensitive information secret. The good news is that computers allow us to use encryption keys this size and larger to encrypt data in a secure way so that unauthorized users can't access it.

What makes this even better news is that even if a bad guy tried using a modern supercomputer to crack the key, they'd still be out of luck. This is because the sheer computational processing resources and time required would span far longer than their entire lifetime and the lifetimes of many generations of family members that follow (i.e., we're talking millions of years here).

We'll talk you through the process of how asymmetric key encryption works later in the article. But for now, we want to point out that asymmetric key encryption isn't the only tool we have up our sleeves when it comes to PKI.

Technically, asymmetric encryption could be used on its own as a way to send and receive data. But why would you want to do that? It's just too bulky and resource-intensive to be used for that purpose at scale. (Not good for large businesses that handle a lot of connections to their websites and services.) This is why, in many cases, asymmetric encryption is used initially as a way to securely exchange sensitive data between two parties before they switch to using symmetric encryption for the rest of the exchange.

Symmetric encryption, or what's sometimes called symmetric key encryption, uses just one key for both data encryption and decryption. This means that there's only a single key that must be kept secure, which is why this method of encryption is known as private key encryption or secret key encryption.

Symmetric encryption is faster and also is thought to be more secure than asymmetric encryption when the parties are using smaller key sizes. (When using large key sizes, asymmetric encryption wipes the floor with symmetric encryption but does so at the cost of speed.) But each cryptographic approach has its uses and applications. Check out our other article to learn more about the difference between asymmetric vs symmetric encryption.

So now that we know what asymmetric key encryption is and have a basic idea of what it does, let's explore a few examples of how you can use it to improve your organization's data security:

Algorithms are, basically, the instructions that computers use to solve a problem. Asymmetric key encryption algorithms come in different flavors or varieties for you to choose from. But you can't take a one-size-fits-all approach when it comes to selecting the right asymmetric encryption algorithms to meet your needs.

Of course, there are clear differences between many of these asymmetric key algorithms: how they operate, what their specific key lengths and security strengths are, etc. You have to choose the right one based on your needs or use cases. Let's quickly explore two of the most common public key encryption algorithms:

Of course, RSA isn't the only asymmetric key exchange algorithm. Here are a few other notable algorithms worth mentioning for secure remote key distribution as well:

To learn more about each of the different types of asymmetric algorithms, be sure to check back with us over the next few months. We'll publish an article that will focus on that exact topic (much like what we did with symmetric encryption algorithms).

Asymmetric encryption between two parties works by using a public key to encrypt data and a private key to decrypt it. The process looks something like this:

To break down what this process looks like, let's consider the Stranger Things example from earlier. Let's say I want to send you the following message: "I can't wait for season 4 of Stranger Things!" (Not sure why this message would be sensitive enough to require encryption, but let's just run with it.) In this case, I'll use your public key (which looks something like this when using a 2048-bit RSA key) to encrypt the data:

When you apply it to the message, you'll wind up with the data string we showed you earlier:

Obviously, you won't know what I'm saying with the message still encrypted. You'll then use your private key, which is considerably longer, to decrypt the data string:

This will then decrypt the data and allow you to read the original plain text message.
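The flow described above (your public key encrypts, only your private key decrypts) combined with the earlier point that asymmetric encryption is normally used just to exchange a key before switching to symmetric encryption, as an added example that is not code from the original article. It assumes Node.js's built-in crypto module, RSA-OAEP with SHA-256 for the key exchange and AES-256-GCM for the message; the function names are illustrative.

```javascript
// Added illustration: function and field names are hypothetical, not from the article.
const crypto = require('node:crypto');

// RSA-OAEP padding settings shared by sender and recipient (an assumption of this example).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Recipient: generate the 2048-bit RSA key pair; only publicKey is ever shared.
function newRecipient() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: needs nothing but the recipient's PUBLIC key.
function seal(publicKey, message) {
  const sessionKey = crypto.randomBytes(32); // one-time AES-256 key
  const nonce = crypto.randomBytes(12);      // 96-bit GCM nonce
  const aes = crypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  const ciphertext = Buffer.concat([aes.update(message, 'utf8'), aes.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey),
    nonce,
    ciphertext,
    tag: aes.getAuthTag(), // lets the recipient detect any modification
  };
}

// Recipient: only the matching PRIVATE key can unwrap the session key.
// Throws if the key is wrong or any part of the envelope was altered.
function open(privateKey, envelope) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const aes = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.nonce);
  aes.setAuthTag(envelope.tag);
  return Buffer.concat([aes.update(envelope.ciphertext), aes.final()]).toString('utf8');
}

// Returns true if open() rejects the envelope (wrong key or tampering).
function isRejected(privateKey, envelope) {
  try { open(privateKey, envelope); return false; } catch { return true; }
}

// Constructed demo run using the article's sample sentence.
const recipient = newRecipient();
const envelope = seal(recipient.publicKey, "I can't wait for season 4 of Stranger Things!");
console.log(envelope.wrappedKey.length, 'byte wrapped key;', open(recipient.privateKey, envelope));
```

Only the 32-byte session key goes through RSA, so the slow asymmetric step costs the same whether the message is one sentence or a large file.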

Don't worry, we'll cover all of this more in depth in a future article. Stay tuned for that!

Alright, we've droned on enough about asymmetric cryptography and its corresponding encryption and key exchange algorithms. Hopefully, you'll leave this article with greater knowledge of asymmetric cryptosystems than you started with.

Asymmetric encryption and key exchange algorithms are the cornerstones of modern public key infrastructure. Without them, there would be no way to remotely exchange sensitive or otherwise secret information via public channels like the internet. We'd still be using clandestine face-to-face meetings like stereotypical spies from Hollywood films.

Understanding what asymmetric encryption is and how it all works is the first step to helping strengthen your organization's cyber defenses. When you realize the importance of managing your certificates and protecting your cryptographic keys, it'll help you avoid many of the pitfalls that help companies make unflattering headlines due to data breaches and other security incidents.
