What Is Asymmetric Encryption? | Asymmetric vs. Symmetric Encryption

Asymmetric encryption, also known as public key encryption, makes the HTTPS protocol possible. In asymmetric encryption, two keys are used instead of one.

Share facebook icon linkedin icon twitter icon email icon

Aymmetric Encryption

学习目标

阅读本文后,您将能够:

  • Learn what asymmetric encryption is
  • Understand the difference between asymmetric and symmetric encryption
  • Explain why asymmetric encryption is important for the TLS/SSL protocol

What is asymmetric encryption?

There are two sides in an encrypted communication: the sender, who encrypts the data, and the recipient, who decrypts it. As the name implies, asymmetric encryption is different on each side; the sender and the recipient use two different keys. Asymmetric encryption, also known as public key encryption, uses a public key-private key pairing: data encrypted with the private key can only be decrypted with the public key, and vice versa.

TLS (or SSL), the protocol that makes HTTPS possible, relies on asymmetric encryption. A client will obtain a website's public key from that website's TLS certificate (or SSL certificate) and use that to initiate secure communication. The website keeps the private key secret.

What is symmetric encryption?

In symmetric encryption, the same key both encrypts and decrypts data. For symmetric encryption to work, the two or more communicating parties must know what the key is; for it to remain secure, no third party should be able to guess or steal the key.

How are asymmetric encryption and symmetric encryption used for TLS/SSL?

TLS, also known as SSL, is a protocol for encrypting communications over a network. TLS uses both asymmetric encryption and symmetric encryption. During a TLS handshake, the client and server agree upon new keys to use for symmetric encryption, called "session keys." Each new communication session will start with a new TLS handshake and use new session keys.

The TLS handshake itself makes use of asymmetric encryption for security while the two sides generate the session keys, and in order to authenticate the identity of the website's origin server.

How does a cryptographic key work?

A key is a string of data that, when used in conjunction with a cryptographic algorithm, encrypts or decrypts messages. Data encrypted with the key will look like a random series of characters, but anyone with the right key (either the same key or one of the public/private key pairing) can put it back into plaintext form.

How does Cloudflare help web properties implement asymmetric encryption?

Cloudflare offers the use of free SSL certificates. Website owners who have signed up for Cloudflare can implement SSL with one click. This makes it easy for websites to move from HTTP to HTTPS, keeping user data secure and increasing user trust.

To learn more about SSL/TLS handshakes and how they use both asymmetric and symmetric encryption, see What happens in a TLS handshake?