Asymmetric Encryption

IT Security — Defense Against the Digital Dark Arts · Cryptography

Aaj Hum Kya Seekhenge?

Do keys: public aur private. Tum seekhoge: Asymmetric encryption kya hai: key pair: public key…

Seekhne Ka Maqsad

Do keys: public aur private. Tum seekhoge: Asymmetric encryption kya hai: key pair: public key (share openly) + private key (keep secret); encrypt with public key → only private key can decrypt; sign with private key → anyone can verify with public key; slower than symmetric; solves key distribution problem; RSA (Rivest-Shamir-Adleman): most widely used asymmetric algorithm; based on: difficulty of factoring large prime numbers; key sizes: 2048, 3072, 4096 bits; 2048 minimum recommended; used for: digital signatures, key exchange, encryption (small data); not suitable for bulk data (too slow); Diffie-Hellman (DH) Key Exchange: enables two parties to agree on shared secret over insecure channel; doesn't encrypt data itself; creates shared key → then use symmetric encryption; vulnerable to MitM (need authentication); ECDH (Elliptic Curve DH): smaller keys, same security; 256-bit ECDH ≈ 3072-bit RSA; faster, less resource-intensive; preferred on mobile/IoT; DSA (Digital Signature Algorithm): digital signatures only (not encryption); NIST standard; being phased out in favor of ECDSA; ECDSA (Elliptic Curve DSA): elliptic curve version; smaller, faster signatures; used in: Bitcoin, TLS, SSH; EdDSA/Ed25519: modern; fast; deterministic (no random number needed during signing); SSH key: `ssh-keygen -t ed25519` (recommended); Elliptic Curve Cryptography (ECC): based on: algebraic structure of elliptic curves; smaller keys with equivalent security; 256-bit ECC ≈ 3072-bit RSA; faster operations; preferred for modern applications; Hybrid encryption (how TLS/HTTPS actually works): asymmetric is slow for bulk data; symmetric is fast but has key exchange problem; solution: hybrid; step 1: use asymmetric to exchange/agree on symmetric key; step 2: use symmetric key for actual data encryption; this is how TLS works; Key exchange flow in TLS: client hello → server hello + certificate; server sends public key (in certificate); client generates random symmetric key (pre-master secret); encrypts with server's public key → sends to server; server decrypts with private key; both derive session keys; all further communication uses symmetric encryption (AES-GCM); Post-quantum cryptography: quantum computers could break RSA/ECC; NIST standardizing new algorithms; CRYSTALS-Kyber (key exchange), CRYSTALS-Dilithium (signatures); organizations should plan for migration.

Aaj Kya Seekha?

Lesson 2 Complete!

Asymmetric Encryption · Cryptography