The basic idea behind a symmetric and asymmetric key is to have the ability to encrypt and decrypt a secret message using a secret key. This key is meant to keep the message exchange (or store) secure and only readable by trusted parties.
Symmetric Key Encryption:
In symmetric key encryption, all parties share the same secret key which is used for both; encrypting and decrypting messages. The process typically involves the following:
- A single key is generated (typically using a strong algorithm);
- The key is shared with (or distributed to) all trusted parties;
- Plain text is encrypted using the symmetric key;
- The ciphered text is delivered to trusted parties;
- Ciphered text is decrypted using the same/shared symmetric key, resulting in the original plain text.
AES, DES, Blowfish and Rivest Ciphers are common examples of symmetric key encryption.
- Significantly faster than asymmetric cryptography;
- Smaller key size than asymmetric keys. Therefore, it requires less amount of storage space;
- Simple to understand and implement;
- Suitable for bulk data encrypting.
- Suffers from the key distribution problem — i.e. how to get the key to the party with whom the data is to be shared;
- The risk of the key getting compromised is high. For example, the key can be stolen or copied while in transit which can then be used to decrypt any ciphered texts encrypted with that key (in the past or the future);
- Rotating (or changing) a key might become problematic as the key would have to be updated/redistributed to all parties and systems that rely on it.
- Banking: Encrypting credit card information or other Personally Identifiable Information (PII) required for transactions to prevent identity theft;
- Supply-Chain: Authenticating objects or parts (e.g. peripheral, battery, cartridge, etc.) at different manufacturing sites to ensure that they're genuine and authorized to be used with another product;
- Data at Rest: Encrypting data that is not actively moving from device-to-device or network-to-network (such as data stored on a hard drive, laptop, flash drive, etc.).
Asymmetric Key Encryption:
In asymmetric key encryption, a public/private key pair is used. The public key is uploaded to a server where it can be accessed by anyone to encrypt and send a private message. The encrypted message can only be decrypted using the related private key (which is not disclosed). The process typically involves the following:
- A public/private key pair is generated;
- The public key is uploaded to a server where it can be accessed by anyone;
- Plain text is encrypted using the public key;
- The ciphered text is delivered to recipient holding the private key;
- Ciphered text is decrypted using the private key, resulting in the original plain text.
Diffie-Hellman, Elliptic Curve and RSA are common examples of asymmetric key encryption.
- It does not suffer from the key distribution problem that symmetric key suffers from, as the private key is not required to be transmitted;
- Messages can be digitally signed to authenticate the recipient's identity and ensure that it comes from a trusted source and is not tampered with in transit. This can help safeguard against potential man-in-the-middle attacks for example.
- Computationally expensive to generate the key pairs;
- The process is comparatively slower than symmetric cryptography;
- If you lose the private key, the message cannot be recoverd;
- Not suitable for encrypting large amounts of data;
- Public key must be managed.
- Digital Signatures: Confirming user's identity for digitally signed documents;
- Secure Internet Traffic: Initiating a secure communication between client and server while browsing a website using HTTPS;
- Blockchain: Confirming identity to authorize transactions for cryptocurrency.
Hope you found this post useful. It was published (and was last revised ). Please show your love and support by sharing this post.