Asymmetric Key Cryptography

Asymmetric key algorithms use a related pair of keys. You encrypt with one key of the pair, and can decrypt only with the other key of the pair. Even the key you encrypted with cannot decrypt the ciphertext. Typically one key of the pair (called the “public” key) is published for anyone to use, while the other (called the “private” key) is kept carefully hidden by the owner of the keypair, and never shared with anyone.

There are several widely known asymmetric key algorithms, including RSA, DSA and ECC. These are based on difficult mathematical problems, like factoring the product of two gigantic prime numbers.

For privacy, you encrypt with the recipient’s public key (anyone can do this), and decrypt with the recipient’s private key (only the recipient can do this). For authentication, you encrypt something (the digest of a message) with the signer’s private key (only they can do this), and verify the signature with the signer’s public key (anyone can do this).

Asymmetric key algorithms are good at key management and authentication, and poor at bulk encryption. Most real-world cryptographic systems combine both: symmetric key for bulk encryption (and decryption), and asymmetric key for key management and authentication.
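
The privacy, authentication and hybrid patterns described above, shown as an added Python example that is not part of the original page. It assumes textbook RSA without padding, two publicly known Mersenne primes and a toy XOR keystream cipher, all constructed for illustration and insecure; the function names are hypothetical.

```python
# Added illustration: textbook RSA (no padding), publicly known primes. Not secure.
import hashlib
import secrets

P, Q = 2**127 - 1, 2**521 - 1        # two known Mersenne primes (constructed toy values)
N, E = P * Q, 65537                  # public key (N, E): published for anyone to use
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: kept hidden by the owner

def rsa(value: int, exponent: int) -> int:
    """Core RSA operation; which key's exponent is used decides the purpose."""
    return pow(value, exponent, N)

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    return rsa(digest(message), D)               # private key: only the signer can do this

def verify(message: bytes, signature: int) -> bool:
    return rsa(signature, E) == digest(message)  # public key: anyone can check

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(plaintext: bytes):
    session_key = secrets.token_bytes(16)                  # fresh symmetric key
    wrapped = rsa(int.from_bytes(session_key, "big"), E)   # asymmetric: key management
    return wrapped, keystream_xor(session_key, plaintext)  # symmetric: bulk encryption

def hybrid_decrypt(wrapped: int, ciphertext: bytes) -> bytes:
    session_key = rsa(wrapped, D).to_bytes(16, "big")      # only the private key unwraps
    return keystream_xor(session_key, ciphertext)

if __name__ == "__main__":
    msg = b"constructed sample message"
    wrapped, ct = hybrid_encrypt(msg)
    print("recipient recovers plaintext:", hybrid_decrypt(wrapped, ct) == msg)
    c = rsa(42, E)
    print("public key undoes its own encryption:", rsa(c, E) == 42)
    sig = sign(msg)
    print("signature valid / altered message:", verify(msg, sig), verify(msg + b"!", sig))
```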