Asymmetric encryption, also known as public key cryptography, is a type of encryption that uses a pair of different but mathematically linked keys: a private key and a public key.
Either key can be used to encrypt data, but only the other key of the pair can decrypt it.
For instance, if you encrypt a message with the public key, its private key counterpart is required to decrypt it. And if you encrypt a message with the private key, the public key is required for decryption.
Unlike symmetric encryption, which uses shorter keys, asymmetric encryption uses key lengths of between 512 bits and 4096 bits. Generally, key lengths of 1024 bits or less are considered insufficient, while those above 2048 bits can be considered trustworthy.
How Asymmetric Encryption Protects Your Data
Asymmetric encryption offers a versatile and resilient approach to safeguarding sensitive information. One of its key benefits is its ability to uphold the three core security principles, commonly known as the CIA triad.
We cannot talk about data security without mentioning the CIA triad. Well, not the intelligence agency. Briefly, the CIA triad is shorthand for the three fundamental principles of cybersecurity: C for Confidentiality, I for Integrity and A for Availability. Each of the three plays a crucial role in maintaining the security and reliability of our data and systems.
Confidentiality
The principle of confidentiality ensures that sensitive data is disclosed only to authorized people, whether the data is at rest or in transit.
In asymmetric encryption, this objective is achieved with the public and private keys, without any pre-shared password. When data is encrypted with the public key, only the host holding the private key can decrypt it.
Note: Should the private key be exposed, a new key pair must be generated to replace it.
Integrity
Integrity is the assurance that data has not been, in any way, changed throughout its lifecycle.
Asymmetric encryption ensures integrity when it is combined with hashing, in the form of digital signatures. For instance:
Step 1- Encrypt the Message: I am writing a message to my husband, and to ensure no one else can read what I am trying to tell him, I encrypt this message using his public key. This means that only my husband will be able to read it, because he is the only one with his private key.
Step 2- Create a Hash: Next, I create a hash of the message I am writing to my husband. A hash is an alphanumeric string that uniquely represents the data in a message, much like a national ID number identifies only you.
Step 3- Encrypt the Hash: Once I have created the hash (think of it as the ID of my message), I encrypt it using my private key. Essentially, this acts as a signature that verifies that the message has come from me.
Step 4- Send: Finally, I send my encrypted message and its encrypted hash to my husband.
Step 5- Decryption and Verification: When my husband receives my message, it will still be in its encrypted state. Because I used his public key to encrypt the message, he needs his private key to decrypt it. He will then be able to read my message.
Remember the hash I created? I encrypted it with my private key. For him to verify that my message has arrived intact, he decrypts the hash using my public key and compares it with a hash he computes himself over the decrypted message. If the two hashes match, it confirms to him that no one interfered with the message during transmission.
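The five steps above traced in runnable form, as an added example that is not part of the original article. It uses a deliberately small textbook RSA (no padding, 512-bit keys, Miller-Rabin key generation) built from Python's standard library only, so it illustrates the mechanics rather than being fit to protect real messages; the function names (sign_and_encrypt, decrypt_and_verify) are my own. The same check is what gives the sender authentication discussed later: only the sender's private key could have produced a hash that her public key unlocks.

```python
import hashlib
import random

def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test; adequate for a toy key generator."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):          # look for n-1 among a^d, a^2d, ... a^(2^(r-1) d)
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False            # no witness of primality: composite
    return True

def random_prime(bits):
    """Random odd prime with the top bit set, so p * q has exactly 2 * bits bits."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def gen_keypair(bits=512):
    """Return (public, private) as (e, n), (d, n); n > 2**256 so a SHA-256 digest fits."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this guarantees gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def sign_and_encrypt(msg, sender_priv, recipient_pub):
    """Steps 1-3: encrypt for the recipient, hash the plaintext, encrypt the hash with the sender's private key."""
    m = int.from_bytes(msg, "big")
    assert m < recipient_pub[1], "toy RSA: message must be smaller than the modulus"
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(m, *recipient_pub), pow(digest, *sender_priv)

def decrypt_and_verify(ciphertext, signature, recipient_priv, sender_pub):
    """Step 5: decrypt, re-hash the plaintext, compare with the hash unlocked by the sender's public key."""
    n_bytes = (recipient_priv[1].bit_length() + 7) // 8
    msg = pow(ciphertext, *recipient_priv).to_bytes(n_bytes, "big").lstrip(b"\x00")
    expected = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return msg, pow(signature, *sender_pub) == expected
```

Any change to the ciphertext in transit makes the recomputed hash differ from the signed one, which is exactly the tampering the text says the recipient can detect.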
Availability
Although only indirectly, asymmetric encryption supports availability by enabling secure communication channels and access controls.
In a data recovery scenario, for example, data encrypted to a public key can still be decrypted by the holder of the private key even if the data was intercepted or stored in an insecure location. This ensures that the data remains available to its intended recipient.
Authentication
Authentication is not one of the CIA components, but it is an equally important property that asymmetric encryption provides.
Asymmetric encryption provides authentication right at the start of the process: when data is encrypted with a private key, only its corresponding public key can decrypt it.
Because the private key is held exclusively by a single host, only that host could have encrypted the message, which authenticates the sender's identity.
The public key, on the other hand, is not kept secret, so any number of hosts can decrypt, and thereby verify, the message.
Protocols that Use Asymmetric Key Algorithms
The following are a few examples of protocols that use asymmetric encryption algorithms.
Pretty Good Privacy (PGP): used for encrypting and decrypting email content and files, and for authenticating email messages with digital signatures.
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocols:
SSL was used to secure data transmission between a user's browser and a website.
TLS is the successor to SSL and is an improved version that addresses many of the security issues found in SSL.
Both use a combination of asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
Internet Key Exchange (IKE): a hybrid protocol frequently used in IPsec networks for key management. It serves as a means to exchange encryption and/or authentication keys over unsecured channels, such as the Internet.
Secure Shell (SSH): a protocol used for secure remote login, command execution, and file transfer over an unsecured network. It uses asymmetric encryption for key exchange and authentication during the initial connection setup.
S/MIME (Secure/Multipurpose Internet Mail Extensions): a standard for secure email messaging that allows users to send and receive digitally signed and encrypted emails. It uses asymmetric encryption for key exchange and for encrypting email content.
Other applications of asymmetric encryption include digital signature services such as Adobe Sign and DocuSign. In these services, when a user digitally signs a document, their private key is used to generate a unique signature.
Subsequently, the recipient can authenticate the integrity of the document using the sender's public key. This procedure guarantees that the document remains unaltered and verifies the identity of the signer.
See you in the next article, where we will discuss the advantages and disadvantages of asymmetric encryption and some of the emerging trends in encryption!