What is symmetric encryption?
Encryption using the SAME key for both encryption and decryption. Also called a secret key or shared secret. Fast and efficient but requires the key to be securely shared β creates a key distribution problem at scale.
What is asymmetric encryption?
Encryption using TWO mathematically related keys: a public key (freely shared) and a private key (kept secret). Encrypt with the public key β only the private key can decrypt. Slower but solves the key distribution problem.
To send Alice an encrypted message, which key do you use?
Alice's PUBLIC key. Anyone can use Alice's public key to encrypt messages for her. Only Alice's private key can decrypt those messages. Alice's private key never leaves Alice's hands.
Can you derive the private key from the public key?
No β computationally infeasible. Although the keys are mathematically related (created together from large prime numbers), reversing the process to derive the private key from the public key is computationally infeasible. This is the security foundation of asymmetric encryption.
What is the scalability problem with symmetric encryption?
With N users, every pair needs a unique key = N(N-1)/2 keys. With 1,000 users: ~500,000 keys to distribute and manage. Asymmetric encryption solves this β each person only needs ONE key pair regardless of how many people they communicate with.
What is hybrid encryption?
Using asymmetric encryption to securely exchange a symmetric key, then using symmetric encryption for the actual data. Asymmetric = secure key exchange. Symmetric = fast bulk encryption. Used in TLS, HTTPS, VPNs, SSH.
What is PKI?
Public Key Infrastructure. The complete ecosystem β policies, procedures, hardware, software β for creating, distributing, managing, storing, and revoking digital certificates and cryptographic keys.
What is key escrow?
Storing copies of private keys with a trusted third party or organizational vault. Enables recovery of encrypted data if the key owner leaves or loses their key. Requires very strong access controls to prevent abuse.
Why is the public key safe to share openly?
Because knowing the public key doesn't let anyone decrypt messages (only the private key can) and doesn't let anyone derive the private key. The public key is MEANT to be shared β that's its entire purpose. It solves the key distribution problem.
Why is asymmetric encryption slower than symmetric?
Asymmetric algorithms involve complex mathematical operations on very large prime numbers. This makes them computationally intensive β much slower than symmetric algorithms for bulk data. That's why hybrid encryption uses symmetric for the actual data.
What does "mathematically related" mean for key pairs?
Both keys are generated simultaneously from the same mathematical process (large prime numbers, randomization). This creates a one-way relationship: data encrypted with one key can only be decrypted with the other. But you CANNOT go backward β you cannot derive the private key from the public key.
If an attacker intercepts a ciphertext AND has the public key, can they decrypt it?
No. The ciphertext was encrypted with the public key. Only the private key can decrypt it. Having both the ciphertext and the public key provides no ability to recover the plaintext β the private key is essential.
How is a key pair generated?
Through a mathematical process involving extensive randomization and very large prime numbers. Both keys are produced simultaneously. The process takes seconds for an individual. After generation, the public key is distributed freely; the private key is stored securely (often with a password).
What are PGP and GPG?
Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) β applications implementing asymmetric encryption for email and file encryption. Users create key pairs, publish public keys, and use them to encrypt/decrypt messages. Classic real-world implementation of public key cryptography.
What is the CA in PKI?
Certificate Authority β a trusted organization that issues and manages digital certificates. Verifies the identity of certificate applicants and digitally signs certificates to establish trust. PKI infrastructure is built around CAs.
Symmetric encryption is sometimes called a "shared secret." Why?
Because the same key is used for both encryption and decryption β the secret must be SHARED with anyone who needs to decrypt the data. This sharing requirement is the fundamental weakness and scalability problem of symmetric systems.