Asymmetric encryption (i.e. public key encryption or public key cryptography), also known as asymmetric cryptography, is used to protect files, directories, and entire devices from unauthorized access and to exchange secret messages. This is done by using keys for encryption and decryption.
You can find detailed information about secure data exchange in our overview article on encryption methods.
Unlike in symmetric encryption, users do not share a common secret key (i.e. a private key) in this method. Instead, each user generates their own key pair which consists of a secret or private key and a public key. Any party with the public key can send encrypted data to the owner of the private key, verify their digital signature, and authenticate them. In turn, the private key can decrypt the encrypted data, generate digital signatures, and provide authentication.
In the following, we explain the idea behind asymmetric encryption, its functions, applications, and potential advantages and disadvantages.
The concept of public key cryptography first emerged in 1975 which makes asymmetric encryption a rather new field in cryptography. Cryptography itself dates back more than 2,000 years. The main advantage of asymmetric encryption is also the greatest disadvantage of symmetric encryption. The communicating parties do not have to agree on a single shared key. Each party has their own additional private key.
The problem with a secret key method (symmetric encryption) is the key exchange. The secret key must reach the recipient; the more communicating parties share a key, the more confusing and time-consuming this exchange becomes, thus, making it more unsecure and vulnerable.
This makes asymmetric cryptography a practical alternative since each user has their own key pair.
When using asymmetric cryptography, each communicating party has a key pair consisting of a public key and a private key. Like keys being held together by a keyring, keys in this cryptosystem are tightly coupled together by a mathematical algorithm. Data encrypted with the public key can only be decrypted with the private key. It is, therefore, crucial that the private key remains secret from all other communicating parties to protect the data and ensure that public key cryptography is carried out securely.
In practice, the person sending the data will always need the recipient’s public key. The public key has a one-way function in encryption. It can encrypt the data, but it cannot then decrypt it. This can only be done by the recipient of the data with their own private key. However, the public key is not just used for encryption. It is also used to verify digital signatures and authenticate communicating parties.
The key is transferred during the initial contact. The private key simultaneously generates digital signatures and can authenticate itself to other communicating parties. In short, asymmetric encryption allows everyone to access a public key but only decrypt it with the private key. This allows for highly secure data exchange.
To start asymmetric encryption, the recipient generates a private and a public key. The communicating partner can access the public key. This simple transfer occurs via a certification authority or a key server where the key has been stored. The sender encrypts their message with the public key and can then send it to the recipient as cipher text. Once this message has been encrypted, it can only be decrypted by the recipient using their private key. Therefore, in principle, you can freely choose which communication channel to use; even if the encrypted message is intercepted by an attacker, its contents will remain secret.
This one-way function is the main idea behind the asymmetric cryptosystem. The two keys are completely independent from one another. Even if an attacker has access to the public key, they cannot use it to draw any conclusions about the private key. To ensure this is the case, the public key uses clearly defined prime factors that are multiplied together and produce an unambiguous result. The following is an example of a calculation the public key might perform:
23 x 199 = 4,577The private key, on the other hand, works exclusively with the result of this calculation (which is 4,577 in this example). It is almost impossible to draw any conclusions about which factors were used to get this value since there are acountless number of possibilities for how it could have been reached. To this day, there is still no mathematical procedure or algorithm that would simplify this reverse calculation.
This example used very small prime numbers. In practice, asymmetric encryption uses much larger numbers. This makes public key cryptography highly secure.
HTTPS stands for Hypertext Transfer Protocol Secure. Unlike the commonly used unsecure Hypertext Transfer Protocol (HTTP, data sent via HTTPS is asymmetrically encrypted and thus sent securely.
Asymmetric cryptosystems can also be combined with symmetric methods. In this case, the keys are first exchanged using asymmetric encryption, but the subsequent communication is then encrypted symmetrically. This hybrid encryption system is used when users want the speed of symmetric cryptography but the security of asymmetric cryptography.
The most popular encryption program is probably Pretty Good Privacy, better known as PGP. It is based on public key cryptography and is used to encrypt emails. In this case, a public and private key are generated upon installation. The public key can then either be personally distributed or stored in a central database. In this database, anyone can search for keys from specific owners. Using the public key, the sender encrypts their data and labels the email or message as being PGP encrypted. The recipient can then use their private key to decrypt it and make it readable again.
OpenPGP was developed as a free alternative to PGP in 1997. This open source software now has many extensions that go beyond the scope of PGP’s functions.
Signature methods are always closely tied to public key cryptography. RSA is the best-known method for digital signatures. A signature is the code containing the private key for the message. The sender “signs” their message with RSA and, in this way, adds a layer of security. They can then send the message. The authenticity of the message and identity of the sender are verified by the recipient using their public key.
RSA is regarded as an old but proven signature method. A couple of alternatives that generate and recognize digital signatures using a similar method are DSA (Digital Signature Algorithm) and ElGamal.
A concrete example of cryptographic protocols is encryption with SSL/TLS. This network protocol ensures secure communication, such as between the web server and browser. Simultaneously, it verifies the server’s authenticity. To do so, SSL/TLS uses hybridencryption (i.e. both asymmetric and symmetric methods). The public key is signed by a certificate authority, and the resulting certificate is encrypted. The certificate can then only be opened by the certificate authority’s public key. To do so, the web server sends its certified public key to the browser, for example, which checks the certificate. If the certificate is valid, the browser generates a symmetric key and sends it to the web server. Both will then use the same shared key for the rest of the SSL/TLS session for the symmetric encryption of their data traffic.
The main disadvantage of public key cryptography is its slow speed of encryption. It also requires significantly more computing power. Therefore, a hybrid system was developed that combines symmetric and asymmetric systems, like the previously mentioned example of SSL encryption. Previous issues such as unsecure authentication and a high vulnerability to malware have since been solved by the use of digital certificates and signatures and ID-based cryptosystems.
To get the best of both worlds, we recommend hybrid encryption. Asymmetric cryptography handles the task of key distribution. This means you can avoid the cumbersome process of distributing keys associated with a symmetric cryptosystem. The result is encryption that is fast, secure, and practical.
Are your emails encrypted when you send and receive them? If not, there’s no time like the present! Encrypting your email is the only way to ensure it arrives safely at its destination. Otherwise sensitive data such as passwords, bank details or addresses, could be available for anyone to read. The simplest solution is the SSL transfer protocol.
The topic of data security is becoming increasingly important for both private users as well as in the business world. As a website owner, you should take all the necessary precautions to ensure that a visit to your site is as secure as possible. Converting your site from HTTP to HTTPS or SSL is an important first step to securing your website and gaining your customers’ trust.
Fake emails pose a major threat to recipients. At the same time, it’s becoming increasingly difficult to verify the authenticity of emails and sender addresses. One effective method of verifying the sending mail server and checking the authenticity of emails is called DKIM (DomainKeys Identified Mail). What is DKIM and how do you set it up?
Storing data in electronic form is part of daily life. However, the more confidential the data being stored is, the more important security provisions become. So-called audit compliance, which already applies to documents of a commercial or tax-related nature, is playing an increasingly important role in the digital enterprise of the future.
A good encryption software keeps your data secure. It enables you to easily protect a folder, hide hard drives, or sync encrypted data to a cloud, for example. Find out more information about recommended encryption tools and what they do, and get an overview of their advantages and disadvantages in our dedicated article.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages