Asymmetric encryption (or public-key cryptography) uses a separate key for encryption and decryption. Anyone can use the encryption key (public key) to encrypt a message. However, decryption keys (private keys) are secret. This way only the intended receiver can decrypt the message. The most common asymmetric encryption algorithm is RSA; however, we will discuss algorithms later in this article.

Details of RSA Public-Key Cryptography

Public-key cryptography (asymmetric) uses encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) to create the public and private keys. These algorithms are based on the intractability* of certain mathematical problems.

Elliptic curve cryptography (ECC) relies on the algebraic structure of elliptic curves over finite fields. It is assumed that discovering the discrete logarithm of a random elliptic curve element in connection to a publicly known base point is impractical.

Asymmetric cryptography is a cryptographic system that uses key pairs. Each pair consists of a public key, which can be seen or accessed by anyone, and a private key, which can be accessed only by authorized people. This system has a useful property, which is that anything encrypted with a public key can only be decrypted by the corresponding private key. A popular method for generating key pairs and encrypting data is the RSA algorithm and cryptosystem.

A key drawback to asymmetric cryptography is the fact that you cannot encrypt large pieces of data. When you have a 2048-bit RSA key pair and encrypt something by using the cipher RSAES_OASEP_SHA_256, the largest amount of data that you can encrypt is 190 bytes.

To retrieve a copy of the public key from your AWS KMS key pair, you can use the GetPublicKey API. The following example shows how to use this with the AWS CLI command get-public-key and reference the key alias you set earlier.

Patrick is a security solutions architect at AWS. He has a passion for learning new technologies and cryptography across AWS services and having deep conversations with customers. He works on a team of security specialists who strive to continually delight customers. Outside of work, he spends time with his wife and two cats, occasionally playing video games when he can.

The solution to problems of identification, authentication, and privacy in computer-based systems lies in the field of cryptography. Because of the non-physical nature of the medium, traditional methods of physically marking the media with a seal or signature (for various business and legal purposes) are useless. Rather, some mark must be coded into the information itself in order to identify the source, authenticate the contents, and provide privacy against eavesdroppers.

Public key encryption, also known as public key cryptography, is a technique that uses two different keys to encrypt and decrypt data. One is the public key, which is available to everyone to encrypt data, and the other is the private key that an initiator can use for decryption.

Internet communications use public key infrastructure (PKI) to manage identity and security. Asymmetric encryption, or public key cryptography, is the core technology that enables PKI and offers data protection in various communication channels.

Public key cryptography is typically used in e-signatures. An e-signature is a mathematical method to authenticate the identity of a user and maintain the integrity of a document, message, or software. Businesses generally use e-signature software to distribute legally sensitive documents and collect digital signatures.

Public key cryptography is at the core of TLS/SSL cryptography protocol that ensures security in HTTPS. It protects web servers and clients against cyber attacks like man-in-the-middle attacks, where an attacker intercepts the communication and access the content within messages. Symmetric encryption is also a part of HTTPS, where public-key encryption is used to exchange keys between two parties, and symmetric encryption keys are used to carry out the encryption process.

Data has now leaped beyond traditional networks to the cloud, mobile devices, Internet of Things (IoT) devices, and various other technologies, making it crucial for enterprises to secure identities. Public key cryptography enables organizations to use digital identity certificates and replace passwords to prevent brute force attacks.

Elliptic curve cryptography is a type of public key cryptography that leverages the elliptic curve theory to generate efficient and effective cryptographic keys. ECC generates keys through properties of elliptic curve equations rather than factoring two large prime numbers.

Public key encryption consists of using two keys, providing a more secure encryption method as compared to symmetric cryptography. There are no exchanges of private keys in public key encryption that eliminates the hassle of key management. In contrast, if an exchanged private key is stolen or lost in symmetric encryption, it can compromise the entire system.

Apart from encryption strength, public key cryptography also enables users to verify digital identities while ensuring non-repudiation. These benefits have made asymmetric cryptography a popular choice of encryption, from Pretty Good Privacy (PGP) and HTTPS to OpenID Connect (OIDC) and WebAuthN.

RSA is named for the MIT scientists (Rivest, Shamir, and Adleman) who first described it in 1977. It is an asymmetric algorithm that uses a publicly known key for encryption, but requires a different key, known only to the intended recipient, for decryption. In this system, appropriately called public key cryptography (PKC), the public key is the product of multiplying two huge prime numbers together. Only that product, 1024, 2048, or 4096 bits in length, is made public. But RSA decryption requires knowledge of the two prime factors of that product. Because there is no known method of calculating the prime factors of such large numbers, only the creator of the public key can also generate the private key required for decryption.

Public key cryptography uses many fundamental concepts from numbertheory, such as prime numbers and greatest common divisors. Apositive integer \(n > 1\) is said to be prime if its factors areexclusively 1 and itself. In Sage, we can obtain the first 20 primenumbers using the command primes_first_n:

In cryptography parlance, our message is called plaintext. Theprocess of scrambling our message is referred to as encryption.After encrypting our message, the scrambled version is calledciphertext. From the ciphertext, we can recover our originalunscrambled message via decryption. The following figureillustrates the processes of encryption and decryption. Acryptosystem is comprised of a pair of related encryption anddecryption processes.

Elliptic Curve Cryptography (ECC) is one of the most powerful but least understood types of cryptography in wide use today. At CloudFlare, we make extensive use of ECC to secure everything from our customers' HTTPS connections to how we pass data between our data centers.

Be warned: this is a complicated subject and it's not possible to boil down to a pithy blog post. In other words, settle in for a bit of an epic because there's a lot to cover. If you just want the gist, the TL;DR is: ECC is the next generation of public key cryptography and, based on currently understood mathematics, provides a significantly more secure foundation than first generation public key cryptography systems like RSA. If you're worried about ensuring the highest level of security while maintaining performance, ECC makes sense to adopt. If you're interested in the details, read on.

The history of cryptography can be split into two eras: the classical era and the modern era. The turning point between the two occurred in 1977, when both the RSA algorithm and the Diffie-Hellman key exchange algorithm were introduced. These new algorithms were revolutionary because they represented the first viable cryptographic schemes where security was based on the theory of numbers; it was the first to enable secure communication between two parties without a shared secret. Cryptography went from being about securely transporting secret codebooks around the world to being able to have provably secure communication between any two parties without worrying about someone listening in on the key exchange.

The RSA algorithm is the most popular and best understood public key cryptography system. Its security relies on the fact that factoring is slow and multiplication is fast. What follows is a quick walk-through of what a small RSA system looks like and how it works.

All this means is that RSA is not the ideal system for the future of cryptography. In an ideal Trapdoor Function, the easy way and the hard way get harder at the same rate with respect to the size of the numbers in question. We need a public key system based on a better Trapdoor.Elliptic curves: Building blocks of a better TrapdoorAfter the introduction of RSA and Diffie-Hellman, researchers explored other mathematics-based cryptographic solutions looking for other algorithms beyond factoring that would serve as good Trapdoor Functions. In 1985, cryptographic algorithms were proposed based on an esoteric branch of mathematics called elliptic curves.

There are other representations of elliptic curves, but technically an elliptic curve is the set points satisfying an equation in two variables with degree two in one of the variables and three in the other. An elliptic curve is not just a pretty picture, it also has some properties that make it a good setting for cryptography.

The elliptic curve discrete logarithm is the hard problem underpinning elliptic curve cryptography. Despite almost three decades of research, mathematicians still haven't found an algorithm to solve this problem that improves upon the naive approach. In other words, unlike with factoring, based on currently understood mathematics there doesn't appear to be a shortcut that is narrowing the gap in a Trapdoor Function based around this problem. This means that for numbers of the same size, solving elliptic curve discrete logarithms is significantly harder than factoring. Since a more computationally intensive hard problem means a stronger cryptographic system, it follows that elliptic curve cryptosystems are harder to break than RSA and Diffie-Hellman. 2ff7e9595c