Asymmetric Encryption

Asymmetric Encryption

Encryption is the process of taking a message and scrambling its contents so that only certain people can look at your message.


There are two types of encryption: symmetric and asymmetric encryption.

Let's first take a look at symmetric encryption to understand why asymmetric encryption was created.

?

To do that, let me introduce you to Alice and Bob. Alice has a sensitive document that she wants to share with Bob. She uses an encryption program to protect her document with a password or passphrase that she chooses.

Symmetric Encryption


She then sends the encrypted document to Bob. However, Bob cannot open this message because he doesn't know the passphrase that Alice used to encrypt the document. In other words: he doesn't have the key to open the lock.

Symmetric Encryption


Now comes a real problem: how does Alice share this passphrase securely with Bob? Sending it through email is risky because others might find the passphrase and use it to decrypt any messages between Alice and Bob.

Symmetric Encryption
Symmetric Encryption


This is exactly the kind of problem that asymmetric encryption intends to solve. It's comparable to a mailbox on the street. The mailbox is exposed to anyone who knows its location. We can say that the location of the mailbox is completely public. Anyone who knows the address can go to the mailbox and drop in a letter.

?

However, only the owner of the mailbox has a key to open it up and read the messages.

?

Let's go back to technical details. When using asymmetric encryption, both Alice and Bob have to generate a keypair on their computers. A popular and secure way to do this is by using the RSA algorithm.

This algorithm will generate a public and private key that are mathematically linked to each other. Public keys can be used to encrypt data and only the matching private key can be used to decrypt it. Even though the keys are linked together they cannot be derived from each other. In other words: if you know someone's public key, you cannot derive his private key. If we retake our mailbox example then the mailbox's address would be the public key something that everyone is allowed to know. The owner of the mailbox is the only one who has the private key and that is needed to open up the mailbox.

Asymmetric Encryption

?

Let's now take a look at how Alice and Bob can use asymmetric encryption to communicate securely with each other.

They start by exchanging their public keys. Bob gives his public key to Alice and Alice gives her public key to Bob.

Asymmetric Encryption


Now Alice can send her sensitive document again. She takes the document and encrypts it with Bob's public key.

Asymmetric Encryption

?

She then sends the file to Bob, who uses his private key to unlock the document and read it. Because they use asymmetric encryption, only Bob can decrypt the message. Not even Alice can decrypt it because she doesn't have Bob's private key.


The strength and security of asymmetric encryption now rely on Alice and Bob to keep their private keys well protected. If an attacker steals Alice's private key, it can be used to decrypt all messages that are intended for Alice. However, the attacker cannot decrypt messages that were sent by Alice because that requires Bob's private key.

Asymmetric encryption is used in a lot of places where security really matters. You might not be aware of it, but every time you visit a secure website via HTTPS, you're actually using asymmetric encryption. It's also being used to securely send emails with the PGP protocol. And one last example: Bitcoin also uses asymmetric encryption to make sure that only the owner of a money wallet can withdraw or transfer money from it.


Source: https://www.youtube.com/watch?v=AQDCe585Lnc

要查看或添加评论,请登录

Mohamed Samy的更多文章

  • Cross-Site Request Forgery (CSRF) Attack

    Cross-Site Request Forgery (CSRF) Attack

    What is CSRF? CSRF attacks occur when a malicious website tricks a user's browser into making unintended requests to a…

  • The Hi/Lo Algorithm

    The Hi/Lo Algorithm

    The Hi/Lo Algorithm is also known as the High-Low Algorithm. it is useful for generating unique keys for entities…

  • The Purpose of Asynchronous Code

    The Purpose of Asynchronous Code

    Writing async code on the server is all about freeing up threads as soon as possible so they can be used for other…

  • CAP Theorem

    CAP Theorem

    What is the CAP theorem? How useful is it to system design? Let’s take a look. The CAP theorem is a concept in computer…

    1 条评论
  • Delegates and Events In C# .NET

    Delegates and Events In C# .NET

    The concept of events and delegates is a little bit confusing for some of us. I was one of them when I started.

  • Common Language Runtime (CLR) in .Net

    Common Language Runtime (CLR) in .Net

    Before C# we have to language in the C family C/C++. Using C or C++ our application compiler translated our code into…

    2 条评论
  • Difference between System Design and System Architecture

    Difference between System Design and System Architecture

    System design and system architecture are related concepts in the field of software and systems engineering, but they…

社区洞察

其他会员也浏览了