Intro
Private (symmetric) and public (asymmetric) key encryption are key concepts to understand when designing secure systems. They sit underneath many technologies that backend and frontend engineers run into every day: TLS (SSL), JWT, Kerberos, digital signatures and certificates, and many more! To learn more about these things check out my articles on them 😊
While encryption and security may seem daunting at first, you’ll quickly find out that the basic concepts are quite easy to grasp 💯
Private Key Encryption (Symmetric)
Symmetry as defined by my good friend google is as follows
similarity or exact correspondence between different things.
So more or less you have two (or more) things and they’re the same. That’s symmetry.
In the context of encryption, symmetric encryption is when two or more parties use one single shared key for both encrypting and decrypting data.
Private key encryption is simple because all parties use the same single key. It’s easy to use and fast, but it has one big disadvantage: how do we safely get that key to every party in the first place?
If an attacker grabs hold of the shared key, every message encrypted with it, past and future, is compromised. There are workarounds (a key exchange protocol such as Diffie-Hellman, or using public key encryption to deliver the symmetric key), but this key distribution problem is the main reason many people opt to use public key encryption.
Public Key Encryption (Asymmetric)
Take our definition for symmetry above and FLIP IT 😈
So more or less you have two (or more) things and they’re not the same. That’s asymmetry.
In the context of encryption, asymmetric encryption is when two or more parties use two different keys in the encryption and decryption of data: a public key and a private key.
Here the public key is available to everyone while the private key stays only with the person who generated the pair. Anyone can encrypt a message with the public key, but only the holder of the private key can decrypt it. The reverse direction, where something produced with the private key is checked with the public key, is how digital signatures work: the sender signs (a hash of) the message with their private key and anyone with the public key can verify it. Treat that as its own operation rather than literally "encrypting with the private key"; the two are only interchangeable in textbook RSA, and a real signature scheme needs proper hashing and padding.
We receive the following key benefits from the above:
- Non-repudiation. If a signature verifies with Alice’s public key, it must have been produced with Alice’s private key, which only she holds. She cannot deny sending that risky DM 🍆
- We can send messages over insecure channels: anything encrypted with the recipient’s public key can only be read by the holder of the matching private key, no matter who sees it in transit. Encryption by itself only hides the contents though; to detect that nobody changed the message you also need a signature (or an authenticated encryption mode).
- We don’t have to figure out a secure way of sharing a secret: the public key can be published openly, and only one party, the recipient, needs to keep the private key secret.
On its own, public key encryption cannot prove the identity of a message sender. Anyone can grab hold of the public key and encrypt with it, and even a signature only proves "whoever holds this private key", so how can we know that the public key we were handed really belongs to the party we trust?
To solve the above we will need to make use of digital signatures and certificates. Check out my next article on this topic!