Skip to content

Asymmetric Encryption#

Unlike symmetric encryption (AES), there is no pre-shared key. Instead, a set of keys is generated by both parties (those wishing to communicate): one key is public and a second is private.

This system is known as public key cryptography, and it's what enables the likes of Transport Layer Security to work.

In short, two people generate key pairs and then they share their public keys with each other. They can send these public keys over the public Internet in plain text, because it doesn't matter if they're intercepted. Once received, each person can then encrypt a message using the public key belong to the other person. They then send this encrypted message to the other person who uses their private key to decrypt it. Only their private key can do this.

This flow looks like this:

Asymmetric Encryption

Asymmetric Encryption
(Fleshgrinder, Public domain, via Wikimedia Commons)

Public key cryptography is slower than symmetric encryption, so what tends to happen is two people share their public keys, one party generates and then shares a pre-shared key with the other party using the other party's public key, and then they switch to the more secure and faster symmetric encryption using the key that was securely shared.

Now they can send each other a pre-shared key securely and switch to a faster protocol. That's essentially how HTTPS (HTTP+TLS) works.