Poietic explorations

Poietic explorations

🪴 Symmetric and asymmetric encryption

Recently I stumbled upon this video that helped me to refresh some basic concepts about how TSL and SSL make use of encryption algorithms.

Assymetric encryption made simple:

Both Pam and Jim have a pair of public and private keys each one. When Pam wants to send a secured message to Jim, she uses Jim public key to encrypt it, and when Jim receives it, he used his own private key to decrypt it.

  • The main advantage of using Asymmetric encryption is its strength. It's simply the most secure because private key should never be shared.
  • The disadvantage of using Asymmetric encryption, is that is not adequate to send Bulk Data.

How should we then encrypt Bulk Data? For that, we have Symmetric encryption

Symmetric encryption made simple:

It uses a single symmetrical key to encrypt and decrypt the message. That means that both Pam and Jim share the same key.

But wait... so why don't we use Symmetric encryption in that case?

Symmetric keys have some flaws:

  • Improper symmetric key management: let's say Jim wants to send his key and send it to Pam via UPS. During the key transfer, someone opened the envelope, saw the key, and copied it before it arrives at Pam. The key is not secure anymore because there is one more copy beyond Pam's and Jim's copy.

  • Key exhaustion: When you use the same encryption keys multiple times, there is a chance of information leakage. Someone can use this information to reconstruct the key. (A simplified example of how this can be achieved).

  • Attribution: Symmetric keys normally don’t support metadata to carry information like access control or expiry date. (Some standards do it somehow, but a key management system is needed to handle that).

  • Scalability: A few keys are easy to manage manually. But at a bigger scale, key rotation and tracking expiration can become a headache.

So then what can we do?

Hybrid encryption

We can use symmetrical encryption to encrypt the Data we transfer and use asymmetrical encryption to encrypt the symmetric key, which can be decrypted by the other party's private key.

This is called Hybrid encryption and it combines the best of both worlds. The efficiency of symmetric encryption with the convenience of public-key in asymmetric encryption.

To encrypt a message, a fresh symmetric key is generated and used to encrypt the data, and only the users with the private key can decrypt it.

And that is how TSL and SSL work, in a nutshell.

You can also use Hybrid encryption for Signatures, but let's keep that for a different post.

Sources: https://www.youtube.com/watch?v=_zyKvPvh808&ab_channel=PracticalNetworking https://www.g2.com/articles/symmetric-encryption

← Back to home