Asymmetric (public key) encryption in Java
In the symmetric encryption paradigm we've described,
the same key is used for encryption and decryption. This means if Alice sends a message
to Bob or vice versa, the two parties must somehow have agreed on a key to use for the
One solution to this problem is via an asymmetric encryption algorithm.
In asymmetric encryption, also known as public key encryption or
public key cryptography:
- the key used to encrypt messages is
different to the key used to decrypt those messages;
- the key used for encryption is called the public key,
and can be distributed freely;
- the key used for decryption is called the private key,
and must be kept a secret among parties that are allowed to decrypt messages encrypted
with the public key;
- the public and private keys form a key pair: they are generated
togther and generally have some mathematical relationship between one another,
so that to decrypt a message encrypted with a given public key, the decrypting party
must know the private key that forms the "other half of the pair";
- in a secure system, an attacker cannot determine the private key
from the public key, nor can they decrypt encrypted messages knowing
only the public key. Even though the keys are mathematically related, they're related
by some function that is massively easier to calculate in one direction than the
ohter (informally, you can think that multiplying is much easier than dividing;
there are various so-called "trapdoor functions" that can in principal be used as
the basis of an asymmetic encryption system).
A common paradigm in a centralised client-server system
is that a private key is held securely on the server, while
the corresponding public key is distributed to all clients.
Next: RSA public-key encryption
In practice, by far the most commonly used public key encryption system is
RSA, named after its inventors. On the next page, we look at
how to perform RSA encryption in Java.