Symmetric vs Asymmetric Encryption

intermediate encryption aes rsa ecc cryptography tls

Encryption comes in two flavors: symmetric (same key on both sides) and asymmetric (one public key, one private key). They solve different problems, and modern protocols like TLS use them together.

Symmetric Encryption

Both sides share one secret key. The same key encrypts and decrypts.

In simple language: it’s like a lock where the same key opens and closes it. Fast, simple, but how do we share the key in the first place without someone intercepting it?

  • Algorithms: AES (the standard), ChaCha20, 3DES (legacy)
  • Speed: Very fast. AES-NI hardware can do gigabytes per second.
  • Problem: Key distribution. We can’t just email the key; anyone who intercepts it could read everything.

# Encrypt a file with AES-256 using openssl (-pbkdf2 derives the key from the passphrase properly)
openssl enc -aes-256-cbc -salt -pbkdf2 -in secret.txt -out secret.enc
# Decrypt on the other side: both sides need the same passphrase
openssl enc -d -aes-256-cbc -pbkdf2 -in secret.enc -out secret.txt

Asymmetric Encryption

Each side has a key pair: a public key (share with anyone) and a private key (never share). Anything encrypted with the public key can only be decrypted with the matching private key.

In simple language: imagine a mailbox with a slot. Anyone can drop a letter in (encrypt with public key), but only the person with the key (private key) can open it.

  • Algorithms: RSA, ECC (elliptic curve), Diffie-Hellman, Ed25519
  • Speed: Much slower than symmetric. RSA-2048 is roughly 1000x slower than AES.
  • Solves: Key exchange and digital signatures. We never need to share a secret beforehand.

# Generate an RSA key pair
openssl genrsa -out private.pem 2048
# Derive the public key from the private key (this is the half you share)
openssl rsa -in private.pem -pubout -out public.pem

Side by Side

                  Symmetric                    Asymmetric
Keys              One shared key               Public + private key pair
Examples          AES, ChaCha20                RSA, ECC, Ed25519
Speed             Very fast                    Slow (~1000x slower)
Key size          128/256 bits                 2048+ bits (RSA), 256 (ECC)
Used for          Bulk data encryption         Key exchange, signatures
Key distribution  Problem: how to share it?    Solved

Why TLS Uses Both

This is the brilliant part. TLS combines them to get the best of both worlds:

  1. Asymmetric crypto at the start of the connection — to safely exchange a session key. The server’s public key (in the certificate) is used to securely send the shared secret.
  2. Symmetric crypto for the rest of the conversation — because once both sides have the shared key, AES is fast enough to handle gigabytes of data without slowing things down.

In simple language: we use the slow-but-safe lock to deliver the fast lock, which would otherwise travel unprotected. Then we throw away the slow one.

1. Client gets server's public key (from the certificate)
2. Client + server use it to negotiate a random AES key
3. The rest of the session uses AES (fast)
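The same hybrid pattern, built from the page’s own openssl commands as an added example (not part of the original notes): a fresh AES-256 key does the bulk encryption, and only that small key is wrapped with the RSA public key. It assumes openssl is on PATH; the function names gen_keypair, hybrid_encrypt and hybrid_decrypt are chosen here.

```shell
#!/bin/sh
# Hybrid encryption with the openssl CLI (constructed example, not a real protocol).
set -eu

WORK=$(mktemp -d)

# Receiver side, done once: RSA key pair; public.pem is the half that gets published.
gen_keypair() {
  openssl genrsa -out "$WORK/private.pem" 2048 2>/dev/null
  openssl rsa -in "$WORK/private.pem" -pubout -out "$WORK/public.pem" 2>/dev/null
}

# Sender side: random AES-256 key + IV, AES for the bulk data, RSA-OAEP only for the key.
hybrid_encrypt() {   # $1 = plaintext file, $2 = output prefix
  key=$(openssl rand -hex 32)   # 256-bit session key, never reused
  iv=$(openssl rand -hex 16)    # 128-bit IV, public, sent alongside the ciphertext
  openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$1" -out "$2.enc"
  printf '%s' "$iv" > "$2.iv"
  printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.pem" \
      -pkeyopt rsa_padding_mode:oaep -out "$2.key.enc"
}

# Receiver side: unwrap the session key with the private key, then AES-decrypt the bulk data.
hybrid_decrypt() {   # $1 = input prefix, $2 = recovered plaintext file
  key=$(openssl pkeyutl -decrypt -inkey "$WORK/private.pem" \
      -pkeyopt rsa_padding_mode:oaep -in "$1.key.enc")
  openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$1.iv")" -in "$1.enc" -out "$2"
}

# Returns 0 when a full round trip reproduces the original bytes.
roundtrip_ok() {
  gen_keypair
  printf 'constructed sample message for the hybrid demo\n' > "$WORK/plain.txt"
  hybrid_encrypt "$WORK/plain.txt" "$WORK/msg"
  hybrid_decrypt "$WORK/msg" "$WORK/plain.dec"
  cmp -s "$WORK/plain.txt" "$WORK/plain.dec"
}

if roundtrip_ok; then echo "hybrid round trip OK"; fi
```

The wrapped key (msg.key.enc) is always exactly one RSA block, 256 bytes for RSA-2048, no matter how large the bulk data is; that is the whole point of doing the slow step only once.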

Digital Signatures (Asymmetric, Reversed)

Asymmetric crypto also enables signatures. We sign with our private key, anyone can verify with our public key. This is how certificates work — a CA signs a cert with its private key, browsers verify with the CA’s public key.

Interview Tip

If asked “is RSA symmetric or asymmetric?” — RSA is asymmetric. If asked “why don’t we use RSA for everything?” — because it’s slow and key sizes balloon. Always mention the hybrid approach in TLS — it’s the cleanest answer.