What is asymmetric encryption?

Asymmetric encryption, also known as public key encryption, makes the HTTPS protocol possible. In asymmetric encryption, two keys are used instead of one.

Learning Objectives

After reading this article you will be able to:

  • Define asymmetric encryption
  • Understand the difference between asymmetric and symmetric encryption
  • Explain why asymmetric encryption is important for the TLS/SSL protocol


What is asymmetric encryption?

There are two sides in an encrypted communication: the sender, who encrypts the data, and the recipient, who decrypts it. As the name implies, asymmetric encryption is different on each side; the sender and the recipient use two different keys. Asymmetric encryption, also known as public key encryption, uses a public key-private key pairing: data encrypted with the public key can only be decrypted with the private key.

TLS (or SSL), the protocol that makes HTTPS possible, relies partially on asymmetric encryption. A client will obtain a website's public key from that website's TLS certificate (or SSL certificate) and use that to initiate secure communication. The website keeps the private key secret.

What is symmetric encryption?

In symmetric encryption, the same key both encrypts and decrypts data. For symmetric encryption to work, the two or more communicating parties must know what the key is; for it to remain secure, no third party should be able to guess or steal the key.

How are asymmetric encryption and symmetric encryption used for TLS/SSL?

TLS, historically known as SSL, is a protocol for encrypting communications over a network. TLS uses both asymmetric encryption and symmetric encryption. During a TLS handshake, the client and server agree upon new keys to use for symmetric encryption, called "session keys." Each new communication session will start with a new TLS handshake and use new session keys.

The TLS handshake itself uses asymmetric cryptography for two purposes: to protect the exchange while the two sides generate the session keys, and to authenticate the identity of the website's origin server.
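
A simplified sketch of the hybrid pattern described above, added here as an illustration (it is not Cloudflare's code and not the real TLS handshake): the client protects a fresh secret with the server's public key, only the private key recovers it, and both sides then switch to one shared symmetric session key. Assumptions: textbook RSA with small fixed primes and no padding, and a SHA-256-based keystream standing in for a real cipher such as AES; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair (assumption: two known Mersenne primes, far too small and
# structured for real use; real keys are 2048+ bits and use OAEP padding).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key: (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, kept by the server

def rsa_apply(value: int, exponent: int) -> int:
    """Textbook RSA: the same modular operation with either exponent."""
    return pow(value, exponent, N)

def session_key(secret: int) -> bytes:
    """Derive a 32-byte symmetric session key from the shared secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    The same key and the same call both encrypt and decrypt."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake_and_send(message: bytes) -> dict:
    # Client: pick a fresh random secret and encrypt it with the PUBLIC key.
    client_secret = secrets.randbelow(N - 2) + 2
    wrapped = rsa_apply(client_secret, E)
    # Server: only the PRIVATE exponent recovers the secret.
    server_secret = rsa_apply(wrapped, D)
    # Applying the public exponent again does not undo the encryption.
    public_only_attempt = rsa_apply(wrapped, E)
    # Both sides now hold the same session key and switch to symmetric crypto.
    client_key, server_key = session_key(client_secret), session_key(server_secret)
    ciphertext = keystream_xor(client_key, message)
    return {
        "keys_match": client_key == server_key,
        "public_key_decrypts": public_only_attempt == client_secret,
        "ciphertext": ciphertext,
        "plaintext": keystream_xor(server_key, ciphertext),
    }

if __name__ == "__main__":
    print(handshake_and_send(b"GET /account HTTP/1.1"))
```

Each call to `handshake_and_send` draws a new random secret, mirroring the way every new session gets new session keys.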

How does a cryptographic key work?

A key is a string of data that, when used in conjunction with a cryptographic algorithm, encrypts or decrypts messages. Data encrypted with the key will look like a random series of characters, but anyone with the right key can put it back into plaintext form. (A key can also be used to digitally sign data, not just for encryption.)

How does Cloudflare help web properties implement asymmetric encryption?

Cloudflare offers the use of free SSL/TLS certificates. Website owners who have signed up for Cloudflare can implement SSL/TLS with one click. This makes it easy for websites to move from HTTP to HTTPS, keeping user data secure and increasing user trust.

To learn more about SSL/TLS handshakes and how they use both asymmetric and symmetric encryption, see What happens in a TLS handshake?