Cryptography is the process of encrypting messages or data to make them unreadable to others. The principle is quite simple. A key is used to convert plaintext into ciphertext. And only those who have the decryption key can decrypt the ciphertext and read the plaintext.
Digital cryptography can be divided between symmetric and asymmetric encryption.
Unlike symmetric encryption, which uses the same key to encrypt and decrypt the plaintext, asymmetric encryption uses a key pair. Each participant has an individual public key and a private key. The two keys are closely linked by a mathematical algorithm.
With asymmetric encryption, one type of key can only be used for one process (encryption or decryption), and the corresponding key of the other type must be used for the opposite process. So either:
- Encrypt: Public key + Decrypt: Private key
- Encrypt: Private key + Decrypt: Public key
As the name implies, the private key is only for the private use of the key owner. One can either use it to decrypt information encrypted with the public key, or to encrypt messages onerself, which can then be decrypted with the public key. On the other hand, the public key, as the name implies, is public and can be used by all other parties.
For example, if two entities (sender and recipient) want to encrypt data, the process is as follows.
- First, each needs the other's public key.
- The sender then uses the recipient's public key, which it has previously obtained, to encrypt the data.
- The recipient can then use its own private key to decrypt the data and view the plain text.
If the data is intercepted in transit, the interceptor cannot read them without the private key. This also means that if the private key falls into the wrong hands, a new key pair must be created.
In addition to encrypting messages, the key pair can also be used to sign messages. To do this, the sender signs a message/file with their private key, and the recipient can verify the signature with exchanged public key, thus ensuring that it came from the correct sender.
The advantage of asymmetric encryption is clearly its security. Because the private key for decrypting the data remains with the recipient, there is no transmission over insecure channels and only one person has to keep the secret. The public key alone is of little use to attackers. Another benefit is the number of keys. With asymmetric encryption, the number of keys increases linearly with the number of parties. This means that fewer keys are needed than with symmetric encryption.
A disadvantage is the high computation time, which is almost 1,000 times slower than symmetric encryption. In addition, the overhead increases with multiple recipients, since encryption must be performed with each recipient's public key.
The solution is hybrid encryption (a combination of symmetric and asymmetric encryption). The data itself is encrypted symmetrically, and the key is then encrypted and sent asymmetrically. This takes advantage of both methods:
- the high speed of symmetric encryption and
- the high security of asymmetric encryption.
Well-known asymmetric encryption algorithms include ECC (Elliptic Curve Cryptography), which Engity uses in our authentication solution to sign tokens. Other well-known methods are RSA (Rivest, Shamir and Adleman) or DSA (Digital Signature Algorithm), both of which are widely used but considered to be flawed.