This is an encryption method in which the encryption and decryption keys are not the same – in other words, they are not symmetric but asymmetric. Typically, in asymmetric encryption, data is encrypted using a public key and decrypted using a private key. Despite the fact that secret codes have been in use for thousands of years, asymmetric encryption has only existed since 1977.
The key feature of asymmetric encryption is that each recipient has their own unique key pair:
Behind these individual key pairs lie mathematical calculations that are easy to perform but very difficult to reverse without ‘secret knowledge’. For example: multiplying two very large numbers is easy. However, it is virtually impossible to work out which numbers were multiplied simply by looking at the result.
As the decryption calculations in asymmetric methods are very complex, they take a relatively long time – even for the legitimate user of the private key.
Asymmetric encryption is not entirely secure either. The greater the computing power available in modern computers, the more likely it is that even asymmetrically encrypted data can be decrypted. Nevertheless, the unauthorised decryption of asymmetrically encrypted data requires an enormous amount of time and the use of exceptionally high-performance and expensive computing resources. However, for data that is intended to remain encrypted for decades, the security of its asymmetric encryption should be reviewed regularly.
When you send an encrypted email, it is likely to be encrypted and decrypted using an asymmetric method. Common methods include S/MIME (Secure / Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy); you may have come across these abbreviations before.
Data is also exchanged over the internet using asymmetric encryption, recognisable by the HTTPS protocol. This is a hybrid method: asymmetric encryption is used only to exchange a key, and that key is then used to encrypt and decrypt the actual data symmetrically. Fully asymmetric encryption would significantly slow down data exchange.
Use asymmetric encryption methods, particularly for sensitive data, such as your email communications.
For processes where this is too time-consuming, hybrid methods are a suitable alternative. As with the HTTPS protocol mentioned above, only the key used in symmetric encryption is exchanged via the asymmetric method.
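The hybrid flow described above, as an added example that is not part of the original page: a fresh symmetric session key encrypts the message, and only that short key goes through the asymmetric step. The two primes, the unpadded RSA arithmetic and the SHA-256 keystream (a stand-in for a real cipher such as AES) are assumptions chosen so the sketch runs with the Python standard library alone; real systems use vetted libraries, padded RSA and far larger random primes.

```python
import hashlib
import secrets

# Constructed toy key pair from two known primes (real keys use far larger, random primes).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public modulus: easy to compute from P and Q
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: needs the secret factors P and Q


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message: bytes, n: int, e: int):
    """Sender side: only the recipient's public key (n, e) is needed."""
    session_key = secrets.token_bytes(8)   # fresh symmetric key for this message
    nonce = secrets.token_bytes(12)
    # Slow asymmetric step, applied to the short session key only.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Fast symmetric step, applied to the bulk data.
    return wrapped, nonce, keystream_xor(session_key, nonce, message)


def hybrid_decrypt(wrapped: int, nonce: bytes, ciphertext: bytes, n: int, d: int) -> bytes:
    """Recipient side: the private exponent d unwraps the session key."""
    session_key = pow(wrapped, d, n).to_bytes(8, "big")
    return keystream_xor(session_key, nonce, ciphertext)


if __name__ == "__main__":
    msg = b"Quarterly figures attached."   # constructed sample message
    wrapped, nonce, ct = hybrid_encrypt(msg, N, E)
    print(hybrid_decrypt(wrapped, nonce, ct, N, D))
```

Anyone who could factor `N` back into `P` and `Q` could recompute `D`, which is why the size of the primes decides how long the encryption stays safe.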
It is best to discuss with your IT department which procedures are recommended for which types of communication and data.