Asymmetric Key Encryption
Introduction
Yesterday I introduced Symmetric Key Encryption. In that article I also mentioned Asymmetric Key encryption. Asymmetric key encryption is the topic of this article.
Asymmetric Key Encryption
The same principles discussed yesterday that you should pay attention too when selecting a symmetric key encryption algorithm hold true for asymmetric key encryption as well. In particular, experience has taught that only fully published algorithms can be trusted in the long term. Algorithms that require the algorithm itself to be kept a secret will fail eventually.
When using symmetric key encryption, both parties, the sender and the receiver of an encrypted message, must have knowledge of the key. That can pose a problem as the key needs to be transferred from one to the other, without it being revealed to any adversary on the way. However, if there is a way to securely transmit the key, we could just transmit the message itself and not encrypt it at all.
There is a family of encryption algorithms that solve that problem: Algorithms for Asymmetric Key Encryption. For asymmetric key encryption the receiver and the sender both have separate keys. The sender has a key that is used for the encryption step. That key however cannot be used to decrypt the message, nor can it be used to derive the other key. Because of these properties, it is safe to publish the encrypting key. The receiver on the other hand has a second key that can decrypt any message that was encrypted with its counterpart.
A Public Key
Because the encrypting key can actually be public knowledge, it is safe to publish it. That allows anyone to encrypt a message that only the legitimate receiver can decrypt. Because of that, the published key is called "public key" and asymmetric key encryption is often referred to as public-key encryption. The decrypting key on the other hand must be kept secret at all times and is therefore call "private key".
If asymmetric key encryption algorithms exist, why do we use symmetric key encryption at all? The reason is one significant disadvantage: Asymmetric key encryption is significantly slower. To get to the same level of protection that a say a 256-bit symmetric key provides you have to use 4096 bits or more for your asymmetric key and with that performance suffers.
To get the best of both worlds, public-key encryption is often used to encrypt a newly generated random key that then can be safely transmitted and afterwards used with symmetric key encryption.
The most commonly used asymmetric key encryption system is RSA named after the three inventors Ron Rivest, Adi Shamir and Leonard Adleman.
Summary
Symmetric key encryption suffers from the problem that the same key needs to be known by both the sending and the receiving party. Therefore, there needs to be a secure way to exchange the key. Asymmetric key or public-key encryption gets around that by using two different keys, one of which can be published.
Newsletter Sign Up
One Response to Asymmetric Key Encryption
Leave a Reply
You must be logged in to post a comment.
We know how to keep a database secure. We’ll do the same for you.
From the sqlity.net blog
-
How to identify the SQL Server Service Account in T-SQL
-
How to Change a SQL Login’s Password
-
Hash Algorithms – How does SQL Server store Passwords?
-
B+Trees – How SQL Server Indexes are Stored on Disk
-
How to Re-Create a Login with only a Hashed Password
-
The Hidden SQL Server Gem: UPDATE from SELECT
-
A Join A Day – Nested Joins
-
Determine the Uptime of a SQL Server Instance
-
A Join A Day – The Left Anti Semi Join
-
Log Reuse Waits Explained: LOG_BACKUP
Pingback: How to create a Symmetric Key - sqlity.net