Goal of this blog post
I will try to provide a basic overview of symmetric and asymmetric encryption and where one or the other would be used. Security is an interesting and important topic that will only gain more in importance with all the devices connected to the internet or some other network. Also I’m personally really interested in it but haven’t actually taken the time to start learning anything relevant beyond the most basic overview that I’ve snapped up from random sources. So this post will probably be one of a series as I start to finally learn these subjects and will provide a trail of my progress for me to look back to.
What’s symmetric/asymmetric in this context?
Let’s first look at the terminology. What does it even mean for cryptography to be symmetric or asymmetric?
Symmetric cryptography is probably the one people usually first think about when talking about encryption. You have a single key (i.e. a password) that is used for both encryption and decryption.
Asymmetric cryptography on the other hand splits up those two operations. Encryption and decryption each use a separate key, and the two keys are connected to each other.
Symmetric cryptography is the older of the two and arguably has the simpler tools. You have one password that’s used both for encryption and decryption. But this password won’t be used directly; it will first be passed through a key derivation function to bring it into the correct shape needed for the algorithm: the actual key. That’s likely all done under the hood by whatever tool you’re using, and it also goes too deep for this article.
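To make the key derivation step concrete, here is an added example (not part of the original post or of any particular tool) that stretches a password into a 256-bit key with PBKDF2 from Python’s standard library. The iteration count, salt size and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumption: work factor picked for this example
KEY_LEN = 32           # 32 bytes = 256 bits, the size an AES-256 key needs


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password of any length into a fixed-size key
    (PBKDF2-HMAC-SHA256). Same password + same salt -> same key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_LEN)


def new_key(password: str):
    """Encrypting side: pick a fresh random salt and return (salt, key).
    The salt is not secret; it is stored next to the ciphertext so the
    key can be re-derived later."""
    salt = os.urandom(16)
    return salt, derive_key(password, salt)


def same_key(password: str, salt: bytes, expected: bytes) -> bool:
    """Decrypting side: re-derive from the typed password and the stored
    salt, then compare in constant time."""
    return hmac.compare_digest(derive_key(password, salt), expected)
```

The random salt means that two people who pick the same password still end up with different keys, and the iteration count makes every guess an attacker tries deliberately slow.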
Having a single password is an advantage, since it’s as simple as it can get, but it also has disadvantages that we’ll get to later. Since we won’t go into any underlying details in this post, let’s instead look at the properties a password should have:
- It should be strong, meaning that it shouldn’t be easily guessable like “password”, your name or other personal information that is often easily available to others. It should also be long, so that an attacker can’t simply try all possible variations.
- It shouldn’t be reused. It might seem simple to just keep a single password in your mind and use that everywhere, but please don’t do this. Let’s say a single one of the places where you used that password has a security leak and reveals your password: suddenly someone could have access to all the places where you reused the password. This leak could be a simple website that you don’t even frequent anymore. If every place has a unique password, on the other hand, the damage is much more limited. They might have gained access to one account, but all other places have a different password and aren’t affected by it.
- It should be secret. Now that’s the rather obvious one: since it can be used for decryption as well as encryption, others must not know it. So don’t keep it near your PC on a post-it note.
So since the password shouldn’t just be written somewhere easily available on our desk, but should also be strong, and we should have a different unique one for everything, how do we keep track of them? That’s the place where password managers come into play. You just have to remember one strong master password for the password manager and it takes care of keeping all your other passwords well organized and safely stored for you. They also provide the ability to generate strong, random and long passwords whenever you need one. There are many good ones so take your pick, but please use a password manager. Personally I use KeePass.
So when to use symmetric cryptography? Use it whenever you are working with data at rest that you want to keep secure. That could be personal data, backups or other sensitive data that you want to encrypt before uploading it to cloud storage or saving it to an external drive. Or it could simply be additional safety from the prying eyes of your roommate.
Why not use symmetric cryptography everywhere?
But since it’s so simple why not use it for everything? Why use it for data at rest but not for securely sharing files with others? That’s where one of the drawbacks of just having a single key comes into play.
I could easily encrypt a file with a password and send it to you as an email attachment. But how do you open it? You have to know the password as well, and we can’t just send it with an email as well. If someone is listening they would be able to get both the file and the password.
Also what about a website? We all know secure https websites that are sent encrypted. When we connect to the site, it can’t just publicly send the password it’ll be using for all the encryption; that would defeat the whole point. That’s where asymmetric cryptography comes into play.
Now as I wrote at the start, asymmetric cryptography uses separate keys for encryption and decryption, and they are somehow connected. We won’t go into details on how they are connected, but there’s lots of math involved. So why have two keys? It fixes one of the problems we had with symmetric cryptography, namely the sharing of encrypted data.
The two keys are usually called public key and private key. As the names already say, you should keep the private key securely stored away so that only you have access to it, similar to your password with symmetric cryptography. The public key on the other hand can be freely shared without the fear of anyone getting access to your encrypted files.
So what are the individual keys used for?
The public key will be used to encrypt data in such a way that only the connected private key can decrypt it. That’s why we can just share it without being concerned about our security. If a random person gets access to our public key they could encrypt files, but there’s no way for them to decrypt anything, making it useless for an attacker. The private key is used for all the decrypting; this is the one we keep secure.
So let’s say you want to securely send me your favorite encrypted cat picture:
- I give you my public key without any concern.
- You use it to encrypt the picture and send it to me via email.
- I decrypt it with the private key that only I have and which is securely stored away.
Asymmetric cryptography is also commonly used for digital signatures, to make sure that the file was actually sent from the right person and not a hostile third party. In those cases the roles would be reversed: I’d use the private key that only I have to sign it, and you could use my public key to verify that it was actually from me. But I won’t go into any more detail here.
Combining symmetric and asymmetric cryptography?
This is just a small preview of what will likely be my topic for the next blog post. There are some places where both symmetric and asymmetric cryptography are used. I mentioned one place above already: https for web traffic. We couldn’t use symmetric cryptography because we had trouble securely sharing the secret key/password. Now asymmetric cryptography could work but https actually uses both. I won’t go into detail but it first uses asymmetric cryptography to safely share a secret key/password which will then be used for the symmetric encryption and decryption of the actual website content.
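The cat-picture exchange and the combination of both kinds of cryptography described above, as an added example that is not part of the original post: a random symmetric session key encrypts the message, and only that small key is encrypted with the recipient’s public key. It assumes textbook RSA over two small, publicly known primes and a SHA-256 keystream standing in for a real cipher such as AES, so it is for illustration only; all names are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key pair from two publicly known Mersenne primes.
# Real RSA uses large random primes and padding; this is illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537            # public key (N, E): safe to hand to anyone
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1        # E must be invertible modulo PHI
D = pow(E, -1, PHI)            # private key D: stays with the recipient


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): XOR with a SHA-256 keystream.
    The same key and the same function both encrypt and decrypt."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_encrypt(message: bytes, n: int, e: int):
    """Sender: needs nothing but the recipient's public key (n, e)."""
    session_key = secrets.token_bytes(16)                    # fresh per message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # asymmetric step
    return wrapped, keystream_xor(session_key, message)      # symmetric step


def hybrid_decrypt(wrapped: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Recipient: the private key d unwraps the session key, which then
    decrypts the actual content."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)
```

Someone listening on the wire sees only `wrapped` and the ciphertext; without `D` they cannot recover the session key, which is the problem the password-in-an-email approach could not solve.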
But like I said this will be a topic for the next blog post. And I’ll try to learn more and start looking a bit at the details with that one instead of just having a cursory glance.
So I hope this cursory glance was interesting to you (and hopefully also helpful to myself whenever I decide to look back). And if you’d like to contact me regarding the post, feel free to. Especially since this was just supposed to be a cursory glance, I didn’t talk about any specific tools, but you can download my public PGP key and send me an encrypted message if you’re willing to work through the tools needed on your own. Also here’s an embedded version of my public key (no need to scroll down further if you are just here for the article, this is the end of the content and the key is lengthy):