Symmetric encryption and asymmetric encryption
Symmetric Encryption vs Asymmetric Encryption
Symmetric encryption uses one shared key for both encryption and decryption. The hard part is getting that key to the other party: if it travels over the same untrusted network as the traffic, an eavesdropper can copy it and read everything that follows, or an active attacker can substitute their own key and relay between the two parties (a man-in-the-middle attack).
Asymmetric encryption addresses this key-distribution problem with a key pair: a public key that can be handed to anyone and a private key that never leaves its owner. On its own it does not prove whose public key you received; that is what certificates are for, which is why the TLS example later on starts with one.
Suppose A wants to send a message to B. A encrypts it with B’s public key, and only B, holding the matching private key, can decrypt it. The useful properties are:
- An eavesdropper who captures the ciphertext cannot read it without B’s private key
- Neither A nor B ever has to send a private key to anyone
- If A’s private key is stolen, only messages encrypted to A’s public key are exposed; what A sent to B stays confidential
Think of a mailbox: anyone can drop a letter through the slot, but only the owner holds the key that opens it. Public and private keys work on the same principle: the key that locks is different from the key that unlocks.
Digitally, the public key is computed from a randomly generated private key with a one-way function (for RSA, multiplying two secret primes to obtain the public modulus; for elliptic curves, multiplying the base point by the secret scalar). That direction is cheap; the reverse, recovering the private key from the public key, is computationally infeasible at the key sizes in use today, and that asymmetry is what the whole scheme rests on.
Combining Advantages of Both
- Asymmetric encryption solves the key-distribution problem: two parties can establish a shared key over an untrusted channel without ever sending it in the clear
- Symmetric encryption solves the performance problem: it encrypts and decrypts bulk data orders of magnitude faster, whereas public-key operations are slow and can only process a message shorter than the key itself (RSA-OAEP with a 2048-bit key and SHA-256 fits at most 190 bytes of plaintext)
Protocols therefore combine the two so that each covers the other’s weakness. TLS is the standard example:
- TLS handshake phase
  - Client and server first agree on the protocol version and cipher suite (which key exchange, symmetric cipher and hash to use)
  - The server sends its certificate; the browser validates it (chain to a trusted CA, hostname, validity period) and takes the server’s public key from it. Without this check an attacker could hand the browser their own public key and sit in the middle
  - The browser generates a random secret (the pre-master secret, from which the session keys are derived)
  - It encrypts that secret with the server’s public key and sends it
  - The server decrypts it with its private key; both sides derive the same session keys and exchange Finished messages to confirm the handshake
- Data transmission phase
  - All application data (pages, images, video) is encrypted with the session key using a fast symmetric cipher, typically AES in an authenticated mode such as GCM
  - Every new connection negotiates a fresh session key, so a key compromised in one session exposes only that session
This RSA key-transport flow is how TLS 1.2 and earlier worked. TLS 1.3 removed it: the session key now comes from an ephemeral Diffie-Hellman exchange that the server’s certificate merely authenticates, so a later theft of the server’s private key cannot decrypt recorded traffic (forward secrecy).
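The following Go program is an added example, not code from the original page, that plays both ideas above end to end: the key-pair mechanics (public key derived from the private key, anyone can seal to it, only the matching private key opens it) and the hybrid TLS-style flow (random session key, wrapped with the server's public key, bulk data under AES-256-GCM, fresh key per connection). Everything here is an assumption of the example rather than something the text specifies: RSA-OAEP stands in for the key-transport step, AES-256-GCM for the symmetric cipher, the function names are made up, certificate validation is left out, and the two HTTP request payloads are constructed sample data. It uses only the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair makes a 2048-bit RSA key pair. The public half (priv.PublicKey) falls
// out of choosing the secret primes; going back from the modulus to the primes
// means factoring it, which is the one-way property the text relies on.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapSessionKey is the "letter through the slot" step: anyone holding the server's
// public key can seal the session key; only the matching private key opens it.
func WrapSessionKey(serverPub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, nil)
}

// UnwrapSessionKey opens the sealed key; any other private key fails.
func UnwrapSessionKey(serverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, serverPriv, wrapped, nil)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord protects bulk data with AES-256-GCM under the session key and
// prepends a fresh random nonce; reusing a nonce under one key breaks GCM.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error (Go 1.24+)
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecord verifies the GCM tag before returning anything, so a record
// altered in transit is rejected instead of decrypting to garbage.
func DecryptRecord(key, record []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(record) < ns+aead.Overhead() {
		return nil, fmt.Errorf("record too short: %d bytes", len(record))
	}
	return aead.Open(nil, record[:ns], record[ns:], nil)
}

// RunConnection plays one connection: the client draws a random 256-bit session
// key, wraps it to the server's public key, the server unwraps it, and the payload
// travels under AES-GCM. Returns the client's session key and what the server read.
func RunConnection(serverPriv *rsa.PrivateKey, payload []byte) (sessionKey, decrypted []byte, err error) {
	sessionKey = make([]byte, 32)
	rand.Read(sessionKey) // a new key on every call, so connections never share one
	wrapped, err := WrapSessionKey(&serverPriv.PublicKey, sessionKey)
	if err != nil {
		return nil, nil, err
	}
	serverKey, err := UnwrapSessionKey(serverPriv, wrapped)
	if err != nil {
		return nil, nil, err
	}
	record, err := EncryptRecord(sessionKey, payload)
	if err != nil {
		return nil, nil, err
	}
	decrypted, err = DecryptRecord(serverKey, record)
	return sessionKey, decrypted, err
}

func main() {
	serverPriv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample payloads standing in for two web requests.
	k1, out, err1 := RunConnection(serverPriv, []byte("GET /index.html HTTP/1.1"))
	k2, _, err2 := RunConnection(serverPriv, []byte("GET /logo.png HTTP/1.1"))
	if err1 != nil || err2 != nil {
		panic("connection failed")
	}
	fmt.Printf("server read %q; fresh key per connection: %v\n", out, !bytes.Equal(k1, k2))
}
```

Two details are worth noticing. The wrapped session key is only 32 bytes, well inside the OAEP limit, while the request body goes through AES-GCM with no size limit; that split is the "combine the advantages" idea in code. And because the server's long-lived private key unwraps every session key, anyone who later obtains it and has recorded the traffic can decrypt all of it, which is exactly why TLS 1.3 dropped this construction for ephemeral Diffie-Hellman.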