Sorry your browser is not supported!

So I have been doing some research on encryption lately, and an excellent website I found described the difference between what is known as symmetrical encryption, which already made sense to me, and another thing known as asymmetric encryption.

For those who don't know the difference, symmetric encryption both encrypts and decrypts data with the exact same key, so both sides must have the same key. This is an issue for Internet encryption as for encrypted data transfer to occur between two computers, both must have the same key but they must be the only ones with said key, so the key must be sent across the Internet. However, at this point, it's possible for any other computer to see this key, and now more than just the two computers may have the key, therefore defeating the purpose.

Anyway, the website went on to explain how to fix this, you must use what is called asymmetric encryption. The excellent analogy the site used to explain it is as follows:

Person A wants to send person B a box containing private contents. So person A asks for person B's unlocked lock. With this lock, person A locks the box containing the private contents with this lock, and now only person B, the recipient, is able to unlock to box as they are the only one with the key; they did not ever send their key, only the unlocked lock.

When applied in an actual computerized data encryption application, the recipient of encrypted data sends out a public encryption key, and computers wanting to send encrypted data to this computer can use this key to encrypt the data. The receiving computer then uses its own private key to decrypt the data.

This all makes sense to me and I find it to be very clever, but it implies that the public encryption key allows you to encrypt data but not decrypt it.

It would only make sense that if you're able to encrypt data with some key, you should be able to decrypt it as well with the exact same key. So the main question I'm getting to is, how does a key allow you to encrypt data but not decrypt it?

I'd recommend looking up encryption in general first, then look into some more specific public-key encryption algorithms such as RSA.

Just a note though, public-key encryption is much slower than shared-key encryption, which is why public-key is often used to send a shared private key to each party and not for the main encryption.

Ah, that makes sense; been doing a bit of reading on some of the key sharing via public encryption and such. As I understand it, the private and public keys used to encrypt and decrypt data are different but mathematically linked, allowing for one to encrypt data and not decrypt, and vice versa. I shall read up on that algorithm to see!

Another very interesting thing I read was a method for transferring data between two entities each having different keys, the analogy for which follows:

Jim wants to send some secret package to Bob, so he puts the package in the box and locks it with his personal padlock, and sends it to Bob. When Bob gets this box, he can't unlock Jim's lock but he puts his own lock on the box, then sends it back to Jim. At this point, Jim takes his padlock off of the box and then sends it back to Bob. Bob then takes his padlock off of the box, and has the package. Although both have different keys, all 3 times the package was sent, it was locked with 1 or more locks.

As this applies in computerized data encryption, computer A would encrypt the data with its own key, send it to computer 2 where the data encrypted with computer 1's key is encrypted with computer 2's key, sent back to computer 1 where it's decrypted with computer 1's key, then finally sent back to computer 2 which it decrypts with computer 2's key and has the data.

This method has a few downsides, those being that the keys must be commutative to facilitate the layered encryption and such, an example is XORing the data with the key, as shown in this example:


The other downside is that it requires 3 data transfers and not 1, so would in theory take around 3 times longer for the data to go un-encrypted on one computer to un-encrypted on the next. Does anyone know if or how often this method is used?

Yeah, that's the idea. Through a trick of mathematics, the public and private keys can be used to encrypt while the other decrypts. But since the keys are mathematically related, the public key can be used to figure out what the private key is. Luckily for us, this is a very hard problem and there doesn't currently exist a clever algorithm to get the private key from the public key in a reasonable amount of time.

Another advantage of this system is that it works in reverse. Bob can encrypt data with his private key and anyone with his public key can decrypt it. Since everyone has access to the public key to decrypt, the data itself isn't too safe, but since only Bob's public key can decrypt the data, we know it must have been sent from Bob. This way, the private key works as a signature.


I've never heard of this method. But there is a lot of back and forth between a user and a server while they try and verify they are actually talking to who they should be. This works somewhat like you described.

Ah! Thanks for the descriptive post