Asymmetric encryption is also known as public-key cryptography.
Different keys are utilized for encryption and decryption.
The public key can be disclosed.
The private key, on the other hand, must be kept secret by its owner.
Given a public key, the private key cannot easily be calculated.
This is based on the difficulty of factoring large numbers in modular arithmetic.
Asymmetric encryption provides two common use cases.
- Somebody sends an encrypted message that only the owner of the private key can decrypt. This can provide confidentiality.
- The owner of the private key signs a message as a proof of authorship. Furthermore, this would make modifications to the message body detectable, as the signature would become invalid.
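The two use cases above, together with the statement that the private key cannot easily be calculated from the public key, shown as an added example that is not part of the original text: textbook RSA in Python using only the standard library. The function names and the two small Mersenne primes are assumptions chosen for illustration; real RSA uses padding (OAEP, PSS) and moduli of 2048 bits or more.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d == 1 (mod phi), needs Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def _digest(message, n):
    # SHA-256 reduced mod n so it fits the toy modulus (real schemes pad instead).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

def private_from_factoring(public):
    """Derive the private key by factoring n; feasible only for a tiny modulus."""
    n, e = public
    p = next(f for f in range(3, int(n ** 0.5) + 1, 2) if n % f == 0)
    return n, pow(e, -1, (p - 1) * (n // p - 1))

# Constructed demo key: Mersenne primes 2^17-1 and 2^19-1, far below usable size.
PUBLIC, PRIVATE = make_keypair((1 << 17) - 1, (1 << 19) - 1)

if __name__ == "__main__":
    c = encrypt(PUBLIC, 424242)                      # anyone with PUBLIC can do this
    print("decrypted:", decrypt(PRIVATE, c))         # only the owner of PRIVATE can
    sig = sign(PRIVATE, b"pay 10 EUR to Bob")
    print("valid:", verify(PUBLIC, b"pay 10 EUR to Bob", sig))
    print("tampered:", verify(PUBLIC, b"pay 99 EUR to Bob", sig))
    print("recovered by factoring:", private_from_factoring(PUBLIC) == PRIVATE)
```

The last line succeeds only because the modulus has 37 bits; the security of a real key pair rests on choosing primes large enough that this factoring step is infeasible.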
The following two aspects have to be considered when talking about asymmetric encryption.
- Authentication - The source of an encryption key cannot easily be verified and could be a man-in-the-middle. Public key infrastructure (PKI) tries to address this issue by providing a trust anchor in the form of a certificate authority.
An alternative is the decentralized “web of trust”.
Individual endorsements provide a link between a user and a public key.
- Performance - Asymmetric encryption is slower than symmetric encryption. In TLS, the keys for symmetric encryption are exchanged between the parties via asymmetric encryption.