Asymmetric encryption is often referred to as public key encryption. It can use
either the same algorithm, or different but complementary algorithms, to
scramble and unscramble data. The public key and the private key are
different but mathematically related: data encrypted with one key of the pair
can be decrypted only with the other. For example, if Alice and Bob want to
communicate using public key encryption, both need a public/private key pair.
Alice has to create her own pair, and Bob has to create his. When
communicating with each other securely, Alice and Bob use different keys to
encrypt and decrypt data.
The mechanisms used to generate these public/private key pairs are complex,
but they start from two very large random prime numbers. The product of the
primes becomes the modulus shared by both keys, and the public and private
exponents are derived from the primes; neither key is simply one of the random
numbers. Because these primes, as well as their product, must adhere to
stringent mathematical criteria (the primes must be distinct, and the private
exponent must exist and be unique for the chosen public exponent) so that each
key pair is unique, generating them is fairly processor intensive.
Some of the more common public key algorithms are the Rivest-Shamir-Adleman
(RSA) algorithm and the ElGamal algorithm. Public key algorithms are rarely
used to encrypt bulk data because of their performance constraints. Instead,
they are typically used for authentication with digital signatures and for key
management, such as protecting the symmetric key that then encrypts the data.
RSA is the public key cryptographic system developed by Ron Rivest, Adi
Shamir, and Leonard Adleman. Two RSA-based methods are used for peer
authentication: RSA signatures and RSA encryption (also called RSA encrypted
nonces). With RSA encryption, each peer generates a nonce, a temporary random
value, and encrypts it with the peer's public key; only the holder of the
matching private key can recover it, which is how the peer proves its
identity. This is more secure than the shared key method of authentication.
However, it requires more processing power and decreases throughput
performance. RSA signatures are the method that uses digital certificates.
This method is very scalable and is typically used by medium and large
corporations.
Non-repudiation is the ability to prove that a transaction occurred and who
performed it, similar to a signed receipt for a package delivered by a shipping
company. This is very important in financial transactions and similar data
exchanges. RSA signatures provide non-repudiation: a signature can be verified
by any third party using only the signer's public key, and it could only have
been produced with the signer's private key. RSA encryption does not provide
non-repudiation, because an encrypted-nonce exchange requires nothing more
than the peer's public key to produce, so either party could have generated it.