The differences between Symmetric and Asymmetric Encryption [SECURITY+ CERTIFICATION]

One of the ways to remember something you’re always forgetting is to write it down. It’s one of the reasons I like blogging. I was so caught up in the middle of something I was doing today that, when asked what should have been a simple question on the differences between symmetric and asymmetric encryption, my mind locked up.

So again, repetition is the best way to memorize.

Symmetric Encryption

Symmetric encryption uses a secret key, which can be any set of characters. That key is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.

So if A=01 and B=02 and so on to Z=26 then 1001191514 becomes JASON. 

Obviously this is a very simple example and it would be somewhat easy to figure out.

The problem with secret keys of any strength is exchanging them, along with the base configuration pattern, over a public network like the Internet while keeping them from falling into the wrong hands.

Anyone who either obtains the original configuration pattern or can figure it out then knows the secret key and can decrypt any message sent with it.

Asymmetric Encryption

One answer to the weaknesses of symmetric encryption as outlined above is to leverage asymmetric encryption. Asymmetric encryption uses two related keys as part of a key pair. A public key is made freely available to anyone who needs to use it and a second, private key is kept secret, so that only you know it.

Any data encrypted by using the public key can only be decrypted by applying the same algorithm with the matching private key. Any data that is encrypted by using the private key can only be decrypted by using the matching public key.
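As an added illustration (not code from the original post), the sketch below carries the A=01 ... Z=26 encoding of JASON from the symmetric section through a toy textbook RSA key pair to show both directions described above. The primes 61 and 53, the exponent 17 and all function names are assumptions chosen for the example; real systems use vetted libraries, large keys and padding.

```python
# Toy textbook RSA with constructed, tiny primes and no padding.
# Illustration only: encrypting letter by letter like this is deterministic
# and offers no real security.
from math import gcd

def make_keypair(p, q, e):
    """Return ((e, n), (d, n)): the public and private keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, values):
    """The same algorithm for either key: modular exponentiation."""
    exponent, n = key
    return [pow(v, exponent, n) for v in values]

def letters_to_numbers(text):
    """The page's encoding: A=01 ... Z=26."""
    return [ord(c) - ord("A") + 1 for c in text.upper()]

def numbers_to_letters(values):
    return "".join(chr(v + ord("A") - 1) for v in values)

PUBLIC, PRIVATE = make_keypair(61, 53, 17)  # n = 3233, d = 2753

def demo():
    plain = letters_to_numbers("JASON")  # [10, 1, 19, 15, 14]
    # Direction 1: encrypt with the public key, decrypt with the private key.
    cipher = apply_key(PUBLIC, plain)
    recovered = numbers_to_letters(apply_key(PRIVATE, cipher))
    # Re-applying the public key does NOT recover the plaintext.
    public_fails = apply_key(PUBLIC, cipher) != plain
    # Direction 2: transform with the private key, reverse with the public key.
    signed = apply_key(PRIVATE, plain)
    checked = numbers_to_letters(apply_key(PUBLIC, signed))
    return {"cipher_differs": cipher != plain, "recovered": recovered,
            "public_fails": public_fails, "checked": checked}

if __name__ == "__main__":
    print(demo())
```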

The main drawback to asymmetric encryption is that it is slower than symmetric encryption and requires more processing power to both encrypt and decrypt the data.

About Digital Certificates

In order to use asymmetric encryption, there must be a way for users to discover other users' public keys to encrypt and decrypt data. This is generally done by leveraging digital certificates. The digital certificate contains all of the information that identifies a user or a server, as well as other pertinent or needed information such as the organization name, the organization that issued the certificate, the user's e-mail address and country, the user's public key and so forth.

Certificates are signed by the Certificate Authority (CA) that issues them, which is usually a commonly trusted third party. CAs are relied upon to verify the matching of public keys to identity, e-mail name, and any of the additional information as outlined above.

There are four kinds of digital certificates used on the Internet:

  • Personal Certificates - Certificates that identify individuals
  • Server Certificates - Certificates that identify servers that participate in secure communications with other systems
  • Software Publisher Certificates - Certificates that sign software, showing that the publisher is participating through a trusted CA
  • Certificate Authority Certificates - divided into two categories: Root Certification Authorities and Intermediate Certification Authorities

Root Certification Authorities have the ability to assign certificates for Intermediate Certification Authorities.

Intermediate Certification Authorities have the ability to issue server certificates, personal certificates, publisher certificates, or certificates for other Intermediate Certification Authorities.
