What is the difference between symmetric and asymmetric encryption

Symmetric and asymmetric encryption are THE two ways to perform encryption or signing of data.

Symmetric encryption

Symmetric encryption refers to the principle of both encrypting and decrypting data with the same key. In this situation, when exchanging a secret message, both the sending party and the receiving party need to have the same key. The key that is used for encryption by the sending party must also be used by the receiving party to decrypt the secret message. You can find an example here.

Asymmetric encryption

Asymmetric encryption is more interesting than symmetric encryption, it needs 2 keys and is also known as public/private key encryption. This means that one key is used for encrypting data and another key for decrypting data. This principle is based on prime numbers, devised by smart mathematicians. Both the public and private key are linked to each other. The public key is not secret and may be known by anyone. This doesn’t compromise the security. The private key must be kept secret and may not be revealed.

There are many possibilities for the use of asymmetric cryptography. The private key can be used to encrypt, the public key to decrypt. In this situation, only a specific party can encrypt messages, everyone can read it. Also, the public key can be used to encrypt and the private key to decrypt. In this situation everyone can encrypt a message, only the receiver can read it. No one can read such message in transport, only the owner of the private key.

Also signing of data can be performed with asymmetric cryptography. For example, with the private key a signature can be created for a set of data (think of it as hash with a key involved). This signature can be verified with the related public key. This way, the receiver of a signed message, can assure that a message is originating from a specific sender, the owner of the private key.

Practical application of symmetric and asymmetric encryption

A common application of both symmetric and asymmetric encryption is HTTPS. The protocol that we use on daily bases for visiting websites. This protocol uses asymmetric encryption to setup a secure connection between the website and the browser. At setup asymmetric encryption is used to exchange a symmetric key which is used for the rest of the connection period. Furthermore to assure the source of the data on the website is reliable (is this site really Google), HTTPS provides signatures based on asymmetric cryptography.