In my previous post (What Is Public Key Encryption), I provide an overview of encryption and why organizations need to use it to manage and protect machine communications and data. In this post, I look at the two types of encryption keys that are used in machine identity management, the public key and the private key—and how the two types differ.

Symmetric encryption utilizes the same private, secret key to encrypt and decrypt data. Asymmetric or public key encryption uses two different keys; a public key which is used to encrypt data, making it indecipherable, and a private, secret key, which is used to decrypt data.

Symmetric and asymmetric encryption

There are two modes of encryption: symmetric encryption and asymmetric encryption, and keys are created using a symmetric or asymmetric algorithm depending on which method is being used. Before we examine the difference between public and private keys, it’s important to understand the differences between symmetric and asymmetric encryption.

Symmetric encryption involves only one key to encrypt and decrypt data. Both the sender and the recipient use the same key. Asymmetric or public key encryption requires a pair of keys, one public key and one private key, to encrypt and decrypt data. The public key can be openly distributed, allowing anyone to use the public key for encryption. However, the public key cannot be used to decrypt the ciphertext.

The illustrations below, courtesy of Javvad Malik, depict how symmetric and asymmetric encryption work.

Illustrations of how symmetric and asymmetric keys work

Symmetric encryption is faster than asymmetric encryption because the algorithm used to encrypt data is less complex. But there is a major drawback to relying on a single key to encrypt and decrypt data. If that single key falls into the hands of a malicious actor, they can use it to decrypt the message and read its contents.

The primary drawback of asymmetric encryption is that the process requires significant computing power, which can slow down the process and make it unsuitable for long computing sessions.

Benefit of public keys

The greatest security benefit of using public key encryption is that a malicious actor cannot compromise machines and data without having the corresponding private key to decrypt them—no matter how widely distributed the public key may be.

And it helps that the algorithms used to encrypt these keys are hard to crack. The most commonly used algorithms for generating public keys are:

Rivest–Shamir–Adleman (RSA)
Elliptic curve cryptography (ECC)
Digital signature algorithm (DSA)

Benefit of private keys

A private key is maintained as a secret key. The sender of a message can use the recipient’s public key—since it’s public, and anyone can view it—to encrypt the message. At this point, the message can be transmitted openly, but securely, over the internet, where then only the recipient can decrypt the message with the appropriate, corresponding private key. The security service provided when using a private key is simply confidentiality.

Public-private key pair

Asymmetric encryption involves a public key and a private key. The public key is used to encrypt data. The private key is used to decrypt data. The public—private key pair has a mathematical relationship, which means that the data encrypted with a public key can only be decrypted with the corresponding private key. Confidentiality, authentication and non-repudiation are security services that are provided when using the public key pair.

Public key infrastructure

Public key encryption is enabled by public key infrastructure (PKI), a broad framework that sets forth the technology and processes that secures internet connections and verifies the identity of users and machines. It’s used to secure communication over the internet using a public-private key pair, where only the intended recipient has the private, secret key. This public-private key pair relationship ensures that only the intended recipient can decrypt data that was encrypted using the public key.

Common applications of public keys

Using public key pairs not only ensures that the message is secure but it also provides confidence in the identity of the sender. A public key can encrypt data and it can also verify a digital signature. Public keys are used in connection with the following:

Digital certificates
Digital and machine identities
Mass scale deployment of certificates
Two-way SSL/TLS authentication

Digital certificates support identity verification and authentication. For example, when an individual signs a document digitally, their private key is used to digitally sign the document, and the recipient of the signed document verifies the authenticity of the signature with the sender’s public key. Email signing and code signing certificates have similar characteristics. For both certificates, the public key is used to verify the senders—or in the case of code signing certificates, the developer’s signature.

Conclusion

The primary difference between a private key and a public key is that the private key must remain a secret to the owner. Symmetric encryption, while much faster than asymmetric encryption, can be less secure due to the key distribution and management problems. Poorly distributed keys or mismanaged keys that fall into the hands of a bad actor may provide an opportunity to decrypt a message using the private key.

Either way, the strength of the encryption is directly related to the protection offered to the cryptographic keys. Venafi Control Plane for Machine Identities allows you to protect all the TLS keys and certificates, SSH keys, code signing keys and user certificates being used across your extended enterprise.

(This post has been updated. It was originally published on January 12, 2022.)

Related posts

Authors

Topics

Subscribe to our Weekly Blog Updates!