- Asymmetric encryption, also known as public-key encryption, differs from symmetric encryption, which uses a single shared key, in how keys are managed rather than in the strength of the confidentiality it provides. Each party holds a key pair: a public key that can be handed to anyone and a private key that only its owner must keep secret. This removes the problem of agreeing on a shared secret in advance, which matters most when the parties have had no previous contact with each other. The schemes are designed so that deriving the private key from the public key is computationally infeasible: recovering an RSA private key from its public key, for example, requires factoring the modulus, which at recommended key sizes is far beyond any current computing capability. Because of this structure, asymmetric keys are much longer than symmetric ones: symmetric algorithms typically use 128- or 256-bit keys, whereas RSA keys must be at least 2048 bits long to provide comparable, lasting security (1024-bit RSA keys are deprecated), while elliptic-curve schemes reach similar security with 256-bit keys.
- In asymmetric encryption, only one party needs to know the private key, so it never has to be transmitted over a network and the interception risk that a shared symmetric key carries does not arise. The private key can still be compromised if the system holding it is, so it must be stored and used with care. The sender of a message only needs to know the receiver's public key, which the receiver provides directly or publishes in a directory or key server available to everyone. Publishing the public key does not weaken the confidentiality of the communication in any way; what does matter is that the sender obtains the genuine key of the intended receiver rather than one substituted by an attacker. It is not uncommon for private/public key pairs to remain in use for a period of several years.
- Because the public key can be shared while the private key stays secret, anyone holding the public key can verify a signature made with the private key, and can do so without being able to decrypt messages encrypted to that key. What a verifier cannot tell from the key alone is who it belongs to; that binding between a name and a public key is supplied by a trusted third party. One type of trusted third party is a certificate authority, which issues a digital certificate containing the name of the user, the user's public key and the authority's digital signature over both, in a standard format (X.509 for TLS and S/MIME) that the sender and recipient of the message both understand.
- Asymmetric encryption also provides non-repudiation or, in other words, evidence that a specific message came from the sender, so that the sender cannot later deny having sent it. A digital signature is produced with the signer's private key over a hash of the message and checked by the recipient with the signer's public key; if the check passes, the message was signed by someone holding that private key and has not been altered since. Signing and encrypting are separate operations: decrypting a message does not by itself verify anything, and the two are commonly combined. The proof is conditional rather than absolute: it depends on the private key having remained secret and on the certificate (or other binding) that ties the public key to the named sender being trustworthy.