When one party wishes to communicate secured data with another and both share the same key for encrypting and decrypting the data, the process is known as symmetric cryptography. The shared key is referred to as a symmetric key. Because the same key is used to encrypt and to decrypt the data, the decryption process is essentially a reversal of the encryption process.
The main problem with symmetric cryptography is that the key must be shared between the parties involved in the encryption and decryption processes. The question then becomes: how do the parties securely exchange the key? Passing the key physically or within a corporate intranet is often considered secure; however, in the world of the public Internet, this is usually not an option.
In an effort to solve the key exchange problem of symmetric cryptography, asymmetric cryptography was introduced. Asymmetric cryptography replaces the single, shared key with a pair of mathematically related keys, known as the public key and the private key, or asymmetric keys. The public key and private key are generated together as a pair and work only in combination: data encrypted with one key of the pair can be decrypted only with the other.
Figure 1. Asymmetric Data Exchange: The figure shows the steps involved in exchanging asymmetrically encrypted data.
With asymmetric cryptography, the public key is made available for use by anyone who wishes to communicate securely with the owner of the private key, while the owner keeps the private key confidential.
These steps are typical when exchanging secured data using asymmetric cryptography:
- The sender retrieves the recipient's public key, usually from a trusted third party such as a certificate authority.
- The sender then encrypts the data using the public key and sends the encrypted form of the data.
- The recipient uses its private key to decrypt the data.
Figure 1 illustrates a typical exchange using public keys and private keys.
Asymmetric cryptography is more expensive than symmetric encryption in terms of computational resources; therefore, developers ordinarily use asymmetric encryption only to exchange a shared symmetric key, which the sender and receiver then use for the duration of the data exchange in a symmetric-based conversation. In this situation the symmetric key is often referred to as a session key.
Figure 2 illustrates a typical exchange using public keys, private keys, and session keys:
Figure 2. Session-Key Data Exchange: People typically use asymmetric encryption only to exchange a shared symmetric key, called a session key, which both parties then use to encrypt and decrypt data for the duration of the exchange process.
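The session-key exchange described above, as an added Go example that is not part of the original page: the sender wraps a fresh AES-256 session key with the recipient's public key and encrypts the data with that session key, and the recipient unwraps the session key with its private key before decrypting. The function names Seal and Open, the choice of RSA-OAEP for key wrapping and AES-GCM for the data, and the assumption that the sender already holds the recipient's authentic public key (the certificate-authority step is outside the code) are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// newGCM builds an AES-GCM AEAD from a raw symmetric session key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal is the sender's side: a fresh random session key is wrapped with RSA-OAEP under
// the recipient's public key, and the data is encrypted with AES-256-GCM under that key.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (wrappedKey, nonce, ciphertext []byte, err error) {
	sessionKey := make([]byte, 32) // 256-bit AES session key, used for this exchange only
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, nil, err
	}
	if wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil); err != nil {
		return nil, nil, nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize()) // a GCM nonce must never repeat under the same key
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, nil, err
	}
	return wrappedKey, nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}
// Open is the recipient's side: the private key unwraps the session key, which then decrypts and authenticates the data.
func Open(recipientPriv *rsa.PrivateKey, wrappedKey, nonce, ciphertext []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, nil) // fails on any modification of nonce or ciphertext
}
```

Only the wrapped key, nonce and ciphertext travel over the network; the session key itself is never transmitted in the clear, and a different private key cannot unwrap it.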