What is asymmetric encryption, and what algorithms use it?
Quick Answer
Asymmetric encryption uses a pair of mathematically linked keys: a public key (safe to share with anyone) and a private key (kept secret). Data encrypted with the public key can only be decrypted with the matching private key. Common algorithms are RSA and ECC (elliptic-curve cryptography, used by ECDHE and ECDSA).
Detailed Answer
Asymmetric encryption uses two different keys instead of one:
- A public key, which the owner shares with anyone.
- A private key, which the owner never shares.
Anyone Server
has: server's public key has: matching private key
plaintext --[encrypt with public key]--> ciphertext
|
v
[decrypt with private key] --> plaintext
Anyone can encrypt a message using the server's public key, but only the server can decrypt it, because only the server holds the matching private key. The two keys are linked by math, but you cannot practically work out the private key just by knowing the public key.
Common asymmetric algorithms:
- RSA — one of the oldest and most widely used. Relies on the difficulty of factoring very large numbers.
- ECC (Elliptic-Curve Cryptography) — a newer family of math that gives the same security as RSA with much smaller keys. TLS uses ECC in two ways: ECDHE for key exchange and ECDSA for signatures.
Asymmetric encryption solves the "how do strangers agree on a key" problem from the previous question. But it is much slower than symmetric encryption, so TLS only uses it briefly, during the handshake, and switches to fast symmetric encryption for the actual data.