Originally published by Robert Beisert at fortcollinsprogram.robert-beisert.com

Encryption: Symmetric and Asymmetric Keys

DES and AES are very similar encryptions. So similar, in fact, that you might think to put them into a category.

Today we’ll look at two common categories of encryptions – symmetric key and asymmetric key encryptions.

Symmetric Key

Symmetric key encryptions rely on both the recipient and the sender having a shared key which no one else knows. The sender uses the key to produce the ciphertext, and the recipient uses the same key to retrieve the original text.

This is probably the fastest and easiest kind of encryption, but it comes with a few major drawbacks.

1. How do we safely send the key to the recipient?

2. We need a unique key for every recipient.

The first problem is the most immediate. In theory, you could tell the recipient the key in a safe soundproof room, have them memorize it, and hope that the key somehow makes it back to the computer. (Tech manufacturers can pull this off, but the average person can’t).

The second problem becomes more important as we consider the Internet. We have billions of computers talking to billions of computers. Even if there were only 1000 computers on the Internet, each computer would need to remember 999 keys to be able to talk with the others. That dog won’t hunt.

Asymmetric Keys

This brings us to the interesting question: what if I could have a key that only I know, and share a different key with anyone who wanted to talk to me. Kind of like the post office, where everyone has their own key to get their mail, but the post office has a master key they can use to put mail into those boxes.

Believe it or not, some very talented mathematicians have developed a number of ways to do exactly that.

Basically, on my computer I produce two keys using a magical function. Each key can be used to encrypt something, but cannot be used to decrypt it (because math). I can share one of those keys with anyone who asks, and they can send me safe messages that I can safely open. Moreover, I can send them messages that…

…well…anyone can read. BUT only I could have written them.

Most of the time, we do asymmetric keys in pairs. Both the sender and the reciever have a public (shared) key and a private (secret) key. The whole process works like this:

1. A uses its own private key to encrypt the message

2. A uses B’s public key to encrypt that new message

3. A sends the message to B

4. B uses its private key to decrypt the message

5. B uses A’s public key to authenticate the message

It’s a great system, but it’s slow like crazy. Usually, we use asymmetric keys to exchange symmetric keys which we use for one session only. This solves the first problem of symmetric keys by creating a totally secure way to transmit the keys, and it solves the second problem by deleting the key after we’re done with it.

photo by: