Asymmetric Encryption and Key Pairs
Understand RSA and elliptic curve cryptography, and how public/private key pairs enable secure communication without sharing secrets.
How Asymmetric Encryption Works
Asymmetric encryption (also called public-key cryptography) uses mathematically linked key pairs: a public key that can be freely distributed, and a private key that must be kept secret. Data encrypted with the public key can only be decrypted with the corresponding private key — and vice versa. This elegant design solves the key distribution problem of symmetric encryption: you can share your public key openly without compromising security, because only your private key can decrypt messages sent to you.
RSA: The Most Widely Used Algorithm
RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric encryption algorithm, invented in 1977. Its security relies on the mathematical difficulty of factoring the product of two large prime numbers. RSA supports key lengths of 1024, 2048, and 4096 bits — 2048-bit RSA is the current minimum recommendation, with 4096-bit for long-term security. RSA is used for key exchange in TLS (though increasingly replaced by ECDHE), digital signatures in certificates, and S/MIME email encryption.
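# Generate an RSA 2048-bit key pair
openssl genrsa -out private.pem 2048
# Extract the public key
openssl rsa -in private.pem -pubout -out public.pem
# Encrypt with the public key (only the private key can decrypt).
# pkeyutl replaces rsautl, which is deprecated as of OpenSSL 3.0; OAEP is requested instead of the PKCS#1 v1.5 default padding.
openssl pkeyutl -encrypt -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep -in message.txt -out encrypted.bin
# Decrypt with the private key, using the same padding mode
openssl pkeyutl -decrypt -inkey private.pem -pkeyopt rsa_padding_mode:oaep -in encrypted.bin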
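The key-pair relationship and the factoring assumption described above, as an added example in Python (not part of the original lesson): textbook RSA without padding, built from two small constructed primes so the numbers stay readable. The function names and sample values are assumptions made for illustration; real keys use the 2048-bit or larger moduli mentioned above together with a padding scheme.

```python
"""Textbook RSA with small constructed primes: shows how the key pair is linked."""
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Build (public, private) from two primes; both keys share the modulus n."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 mod phi (needs Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, value):
    """The RSA operation itself: modular exponentiation with one half of the pair."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def recover_private_key(public):
    """Factor n by trial division and rebuild d; feasible only because n is tiny."""
    n, e = public
    p = next(c for c in range(3, isqrt(n) + 1, 2) if n % c == 0)
    return make_keypair(p, n // p, e)[1]


# Constructed sample values: two small primes and a message encoded as an integer.
PUBLIC, PRIVATE = make_keypair(10007, 10009)
MESSAGE = 424242

if __name__ == "__main__":
    ciphertext = apply_key(PUBLIC, MESSAGE)
    print("ciphertext:", ciphertext)
    print("decrypted :", apply_key(PRIVATE, ciphertext))
    signature = apply_key(PRIVATE, MESSAGE)  # the "vice versa" direction
    print("verified  :", apply_key(PUBLIC, signature) == MESSAGE)
    print("factoring n recovers the private key:",
          recover_private_key(PUBLIC) == PRIVATE)
```

The last check succeeds instantly only because the modulus is about 27 bits long; the same search against a 2048-bit modulus is what the factoring assumption says is infeasible.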