Asymmetric (public key) encryption in Java

In the symmetric encryption paradigm we've described, the same key is used for encryption and decryption. This means if Alice sends a message to Bob or vice versa, the two parties must somehow have agreed on a key to use for the conversation.

One solution to this problem is via an asymmetric encryption algorithm. In asymmetric encryption, also known as public key encryption or public key cryptography:

the key used to encrypt messages is different to the key used to decrypt those messages;
the key used for encryption is called the public key, and can be distributed freely;
the key used for decryption is called the private key, and must be kept a secret among parties that are allowed to decrypt messages encrypted with the public key;
the public and private keys form a key pair: they are generated togther and generally have some mathematical relationship between one another, so that to decrypt a message encrypted with a given public key, the decrypting party must know the private key that forms the "other half of the pair";
in a secure system, an attacker cannot determine the private key from the public key, nor can they decrypt encrypted messages knowing only the public key. Even though the keys are mathematically related, they're related by some function that is massively easier to calculate in one direction than the ohter (informally, you can think that multiplying is much easier than dividing; there are various so-called "trapdoor functions" that can in principal be used as the basis of an asymmetic encryption system).

A common paradigm in a centralised client-server system is that a private key is held securely on the server, while the corresponding public key is distributed to all clients.

Next: RSA public-key encryption

In practice, by far the most commonly used public key encryption system is RSA, named after its inventors. On the next page, we look at how to perform RSA encryption in Java.