Asymmetric- and Symmetric-Key Cryptography

Cryptography is a means of ensuring safety of information and data, an important aspect when information is shared and/or communicated over public channels. The process involves asymmetric and symmetric encryption.

Asymmetric, or public-keyencryption uses a pair of connected keys, one of which is secret (only known to the recipient), while symmetric encryption uses only a secret key, and it is known to both the sender and the recipient of a message.

While encryption provides authentication to a message, digital certificates are the technique for providing verification of a user or file server. The digital certificate provides the secure communication link, as it uniquely identifies the sender of a message and holds the information needed for the recipient to extract the public key.

Symmetric-key encryption is faster than its counterpart as the keys are typically short, allowing for faster processing, with the same key usable for both encrypting and decrypting data. Symmetric-key cryptography uses some of the strongest algorithms available, including AES (Advanced Encryption Standard), DES (Data Encryption Standard), Triple DES, Blowfish, Twofish, and Serpent. Asymmetric- key cryptography also uses strong algorithms, including RSA (Rivest, Shamir, & Adleman), and DSA (Digital Signature Algorithm).

Despite the efficiency of symmetric encryption, asymmetric encryption is used more widely in the public sector due to the need for symmetric keys to be sent over public channels. It is likely that a forensic examiner will come across symmetric- and asymmetric-key encryption of files, emails, and full disks.

References

Czagan, D. (2013, October 23). Symmetric and asymmetric encryption [Blog post].  http://resources.infosecinstitute.com/symmetric-asymmetric-encryption/#gref