Symmetric encryption uses one key for both encryption and decryption. Asymmetric encryption uses two keys: a public key and a private key. They are mathematically linked, but you can't feasibly derive the private key from the public key.
Think of a mailbox on the street. Anyone can walk up and drop a letter through the slot. But only the person with the key to the mailbox can open it and read the letters.
The mail slot is the public key. Anyone can use it to "encrypt" (drop in a letter). The mailbox key is the private key. Only the owner can "decrypt" (open the mailbox and read the letters).
In cryptographic terms:
Remember the chicken-and-egg problem? You need to share an AES key, but you can't send it securely because you don't have encryption yet.
Asymmetric encryption breaks the loop:
```mermaid
sequenceDiagram
    participant B as Browser
    participant S as Server
    S->>S: Generate key pair (public + private)
    S->>B: Here's my public key
    B->>B: Generate random AES key
    B->>B: Encrypt AES key with server's public key
    B->>S: Encrypted AES key
    S->>S: Decrypt with private key
    Note over B,S: Both sides now have the same AES key
    B->>S: Data encrypted with AES
    S->>B: Data encrypted with AES
```
An eavesdropper sees the public key (useless for decryption) and the encrypted AES key (can't decrypt it without the private key). The key distribution problem is solved.
If asymmetric encryption can encrypt data, why not use it for all the data instead of just the key exchange?
Because it's slow. Really slow. RSA encryption is roughly 1,000 times slower than AES. Encrypting a video stream or a large web page with RSA would be painfully slow.
So TLS uses a hybrid approach:
The handshake is the expensive part, but it only happens once per connection. After that, everything runs on fast AES.
RSA (named after Rivest, Shamir, and Adleman, who published it in 1977) was the first widely used asymmetric encryption algorithm. It's based on the mathematical difficulty of factoring large numbers.
The idea: take two very large prime numbers, multiply them together. That multiplication is easy. But given the product, figuring out which two primes were multiplied is extremely hard. RSA key generation picks two large primes, and the security of the system depends on the difficulty of factoring their product.
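To make both points concrete, the key-wrap step from the sequence diagram above and the "security depends on factoring" argument, here is an added example (not the article's code) using textbook RSA on deliberately tiny primes. It has no padding and a modulus small enough to factor in well under a second, which is exactly the point: the same code that would be secure with 2048-bit primes is worthless with 20-bit ones.

```python
# Added example, not the article's code: textbook RSA on toy primes, showing
# the key-wrap step from the sequence diagram and why RSA rests on factoring.
# No padding and a tiny modulus: for illustration only, never for real data.
import math
import secrets

def rsa_keygen(p: int, q: int, e: int = 65537):
    """n = p*q is public; d needs phi(n) = (p-1)(q-1), i.e. needs p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)  # (public key, private key)

def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)

def hybrid_key_exchange(pub, priv, key_bits: int = 32):
    """Browser wraps a random symmetric key with the server's public key;
    the server unwraps it with the private key. Returns both copies."""
    browser_key = secrets.randbits(key_bits)  # stands in for the AES key
    wrapped = rsa_encrypt(pub, browser_key)   # all an eavesdropper sees
    server_key = rsa_decrypt(priv, wrapped)
    return browser_key, server_key

def factor_modulus(n: int):
    """Trial division: instant for a toy n, hopeless at 2048+ bits."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no non-trivial factor")

def recover_private_key(pub):
    """Whoever factors n can rebuild d: that is the entire security
    argument, and why real RSA keys are 2048 bits or more."""
    n, e = pub
    p, q = factor_modulus(n)
    return n, pow(e, -1, (p - 1) * (q - 1))
```

Run it with `rsa_keygen(1000003, 1000033)` and `recover_private_key` returns the very private key `rsa_keygen` produced; real deployments use OAEP padding (or, in TLS 1.3, no RSA key transport at all, only ECDHE) and key sizes from the table below.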
RSA key sizes:
These keys are much larger than AES keys (128 or 256 bits) because the underlying math is different. The security of RSA depends on key size in a different way than AES.
ECC is a newer approach to asymmetric cryptography, based on the mathematics of elliptic curves. It provides the same security as RSA but with much smaller keys.
| Security Level | RSA Key Size | ECC Key Size |
|---|---|---|
| 128-bit | 3072 bits | 256 bits |
| 192-bit | 7680 bits | 384 bits |
| 256-bit | 15360 bits | 521 bits |
A 256-bit ECC key provides roughly the same security as a 3072-bit RSA key. Smaller keys mean faster operations and less data to transmit. This is why ECC has become the preferred choice for TLS.
The most common ECC curves used in TLS are P-256 (also called secp256r1) and X25519 (used for key exchange).
Asymmetric encryption solves key distribution. But it introduces a new problem.
Your browser receives a public key that claims to belong to yourbank.com. How do you know it actually belongs to your bank? What if an attacker intercepted the connection and sent you their own public key instead?
If you encrypt the AES key with the attacker's public key, the attacker can decrypt it. They now have the AES key and can read everything. The encryption is working perfectly, but you're talking to the wrong person.
This is the authentication problem. And it's solved by digital signatures and certificates, which we'll cover after we look at Diffie-Hellman.