Symmetric vs. Asymmetric Encryption

In the past, when two people wanted to exchange messages securely, they used symmetric encryption. Symmetric encryption is a type of encryption that uses one secret key to both encrypt and decrypt messages. Hence, both parties must have this key to communicate.

Sending a message from you to me using symmetric encryption.

The issue with this approach is that storing and protecting the key is very difficult because both people have to know it. If either of them is hacked, the key can be stolen easily. Moreover, even if the two people decide to send the key directly over the network and change it periodically, someone intercepting the network traffic could capture the key; this is commonly known as a man-in-the-middle attack.

Symmetric encryption in its simple form caused many problems until a new type of encryption arose: asymmetric encryption, also known as public-key cryptography.

In this type of encryption, each device generates a key pair: one key is public and the other is private. The two keys are connected mathematically in such a way that a message encrypted with the public key can only be decrypted with the private key, and vice versa.

The main idea is that if you want to send me an encrypted message, I first have to generate a public and private key pair. After that, I send you the public key, and you use it to encrypt your message and send it over the network. If anyone intercepts your message, they won't understand it because it's encrypted. If they try to decrypt it, they won't be able to, because that requires the private key. In this approach, the private key resides only on my machine and is never sent over the network.

Sending a message from you to me using asymmetric encryption.

The same idea applies if I decide to reply to your message. You have to send me your public key so that I can encrypt my response with it and send it; you then decrypt it with your private key.

Notice that there is no danger in sending the public key over the network or even uploading it to the internet, as this is its main purpose. Additionally, the limited capabilities of current machines make it difficult to derive the private key from the public key: the operation can take a huge amount of time.
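
The exchange described above can be worked through with toy numbers. The following is an added example, not code from the original article: it assumes textbook RSA (one public-key scheme, chosen here for illustration) with two small constructed primes and no padding, and all function names are hypothetical. It shows the sender using only the public key, the recipient using the private key, and why key size is what makes deriving the private key impractical.

```python
# Added illustration: textbook RSA with small constructed primes (no padding).
# Real deployments use vetted libraries, 2048-bit or larger keys, and OAEP.
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Build ((n, e), (n, d)) from two primes: the public and private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi); Python 3.8+
    return (n, e), (n, d)

def encrypt(public_key, message: bytes) -> int:
    """Sender side: needs only the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit in this modulus")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """Recipient side: needs the private key, which never leaves the machine."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def private_from_public(public_key):
    """Derive the private key by factoring n with trial division.
    Finishes quickly only because n is about 40 bits; the work grows with
    the size of n's prime factors, which is why real keys are far larger."""
    n, e = public_key
    p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

# Constructed sample values: two primes near one million and a short message.
PUBLIC_KEY, PRIVATE_KEY = make_keypair(999_983, 1_000_003)
CIPHERTEXT = encrypt(PUBLIC_KEY, b"hey!")  # what travels over the network

if __name__ == "__main__":
    print("public key :", PUBLIC_KEY)
    print("ciphertext :", CIPHERTEXT)
    print("decrypted  :", decrypt(PRIVATE_KEY, CIPHERTEXT))
    print("key derived from public key matches:",
          private_from_public(PUBLIC_KEY) == PRIVATE_KEY)
```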

By now, you should understand the core difference between symmetric and asymmetric encryption. Follow the coming articles if you want to understand their applications and why they are essential to you as a software engineer.