What is the purpose of encrypting data?
If we want confidentiality when communicating with anyone, or if we want to protect the data stored on our own equipment, encrypting that data is something we must do. Encryption lets us be sure that nobody else can access the information it contains: an outsider will only see unintelligible data and will not be able to decrypt it and make it intelligible again. In short, data encryption gives a communication confidentiality.
Depending on the type of communication or data encryption, there are two different types of cryptography:
- Symmetric cryptography: the same key that we use for encryption is also used to decrypt the data.
- Asymmetric cryptography: we have two keys, a public key that we can share, and a private key that we must not share with anyone. In an asymmetric cryptography scheme, data is encrypted with the public key and decrypted with the private key.
The strength of symmetric cryptography is that it is very fast, both when encrypting and when decrypting data. For this reason, symmetric cryptography is widely used to encrypt large amounts of information, such as an encrypted hard drive, a partition or volume, and we can even create encrypted containers with this type of cryptography.
Asymmetric cryptography is much slower than symmetric cryptography, so it is usually used to securely transfer the symmetric (private) key, with the aim that the subsequent communication takes place using symmetric cryptography. Public key cryptography is also used in the PGP protocol to encrypt emails; in that case there is no hand-off to symmetric cryptography, as happens with protocols such as TLS, which we use widely in HTTPS and in various VPNs.
Now that we know that we can encrypt files, hard drive volumes, entire drives, emails and much more, we will explain the differences between the public key and the private key, both in an asymmetric (public key) cryptography scenario and in a symmetric cryptography one.
Public and private key differences
In a symmetric cryptography scenario, the private key both encrypts and decrypts the data, since the same key is used for both operations. Anyone who wants to encrypt or decrypt the data must have the appropriate key (password) to perform either action.
In an asymmetric cryptography scenario, also known as public key encryption, both the public key and the private key are used continuously. The key pair performs very important functions for the cryptographic system to work properly:
- Encrypting the information gives us confidentiality.
- Guaranteeing the authenticity of the sender gives us authentication.
- Ensuring the integrity of the transmitted data.
In an asymmetric key communication scenario, the two parties must exchange their public keys. As its name suggests, the public key should be distributed among the different participants in the communication, but you should never hand over your private key. Furthermore, a defining characteristic of public key cryptography is that the private key cannot be obtained from the public key, or at least it should not be obtainable if the asymmetric algorithm is secure. For an asymmetric encryption algorithm to be secure, it must satisfy the following:
- If only the ciphertext is known, it must be impossible to extract the plaintext or the private key by any method.
- If both the plaintext and the ciphertext are known, obtaining the private key should be much more expensive than obtaining the plaintext.
- A public key is associated with exactly one private key, and only that private key can decrypt the information.
If one person wants to communicate with another, they must use their key pairs as follows:
- The sender must send their public key to the recipient of the communication.
- The recipient must also send their public key to the sender.
Once the keys have been exchanged, the sender encrypts the communication with the recipient's public key. That communication can then only be decrypted with the recipient's private key, which is intrinsically linked to the public key it was created with. Note that if we encrypt a message with the private key, we cannot decrypt it with that same private key, because this is not a symmetric cryptography scheme.
Applying our private key to a message does not encrypt the communication; it digitally signs the message. To verify that the sender is authentic, the recipient checks the signature with the public key it received from the sender, and in this way the sender is correctly authenticated.
The structure of the operation of asymmetric encryption is this:
- Message + public key = Encrypted message
- Encrypted message + private key = Decrypted message
- Message + private key = Signed message
- Signed message + public key = Authentication
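As an added illustration (not code from the original article), the four operations above in a toy textbook RSA written in pure Python: the primes, key names and message are constructed for the example, and because there is no padding it only demonstrates the mathematics of public and private keys, not a usable cipher.

```python
"""Toy textbook RSA: encrypt/decrypt and sign/verify with a key pair."""
import hashlib
from math import gcd

# Constructed toy-sized primes (Mersenne primes 2^61-1 and 2^89-1).
# Real deployments use ~2048-bit keys with padded RSA (OAEP / PSS).
P = (1 << 61) - 1
Q = (1 << 89) - 1

def generate_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse, needs Python 3.8+
    return (e, n), (d, n)

def encrypt(message: bytes, public_key) -> int:
    """Message + public key = encrypted message."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key) -> bytes:
    """Encrypted message + private key = decrypted message
    (leading zero bytes of the plaintext are not preserved)."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(message: bytes, private_key) -> int:
    """Message + private key = signed message (over a SHA-256 hash)."""
    d, n = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Signed message + public key = authentication (True if valid)."""
    e, n = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h

PUBLIC_KEY, PRIVATE_KEY = generate_keypair(P, Q)

if __name__ == "__main__":
    print(verify(b"hola", sign(b"hola", PRIVATE_KEY), PUBLIC_KEY))  # True
```

Decrypting with the public key, or verifying with a message that was altered in transit, both fail, which is exactly the separation of roles the list above describes.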
Therefore, the differences between the public and private key in an asymmetric cryptography scheme are clear. The public key is public and must be distributed to those who wish to communicate with us; it serves both to encrypt messages for us and to verify our signatures. The private key must not be distributed to anyone; it serves to decrypt messages that were encrypted with our public key, and also to sign messages so that the recipient can verify the signature with the public key associated with that private key.