Symmetric vs Asymmetric encryption: What’s the difference?
In this blog post, we explain the main differences between symmetric and asymmetric encryption. This article will also explain which encryption method you should use.
Some words about different encryption methods
In today’s world, scammers and other cyber-criminals are becoming more and more present, affecting millions of users. To prevent these individuals from stealing our data, we have to encrypt everything. There are three encryption techniques, namely symmetric encryption, asymmetric encryption and hash functions (keyless).
Mailfence uses both symmetric and asymmetric encryption, as each method has its own pros and cons. You will learn more about that later. Both encryption methods use keys to encrypt and decrypt data. Symmetric encryption uses the same key to encrypt and decrypt data, making it very easy to use. Asymmetric encryption uses a public key to encrypt data and a private key to decrypt it.
What is symmetric encryption?
Symmetric encryption, also known as secret key encryption, uses one single key to encrypt and decrypt data. You have to share this key with the recipient. Let’s say you want to say “I love you Mom”: you would write your email, then set a secret key to encrypt it. When Mom receives the message, she would enter the secret key to decrypt the email.
How does Mailfence incorporate secret key encryption
Mailfence offers password-encrypted messages (PEM) based on symmetric encryption. Our solution allows you to set a password hint that helps the recipient to decrypt the message. Some ways to share the password are an SMS, a phone call or during a physical meeting.
Also, with Mailfence’s PEM you can set an expiration date for the email. After the expiration date, the email can no longer be decrypted. Furthermore, password-encrypted messages are stored in a zero-knowledge environment. Additionally, they are encrypted with your password, so only you and the intended recipient have access to the message. If you would like to know more, visit our dedicated knowledge base.
Some good practices for our PEM: never use your OpenPGP passphrase, and never use your Mailfence account password. If you are sending an important message, make sure unwanted readers cannot guess your password.
For our tech-savvy folks out there, there are many symmetric encryption algorithms, for instance DES, 3DES, AES, IDEA, RC4, RC5, … For your info, Mailfence uses AES in combination with other ciphers.
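The password-based flow described above, as an added Node.js example that is not Mailfence's own code. It assumes scrypt for turning the password into a key and AES-256-GCM as the cipher; the function names and sample values are hypothetical.

```javascript
// Added example: password-based symmetric encryption (not Mailfence's code).
// Assumptions: scrypt as the key-derivation function, AES-256-GCM as the cipher.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the shared password and a per-message salt.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function encryptWithPassword(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16); // fresh for every message
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce, never reused
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // salt, iv and tag are not secret; they travel with the ciphertext.
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

function decryptWithPassword(msg, password) {
  const key = deriveKey(password, msg.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the password is wrong or the ciphertext was modified.
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// True if decryption succeeds, false on a wrong password or tampering.
function canDecrypt(msg, password) {
  try {
    decryptWithPassword(msg, password);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample message and password.
const sealed = encryptWithPassword('I love you Mom', 'correct horse battery staple');
console.log(decryptWithPassword(sealed, 'correct horse battery staple'));
console.log(canDecrypt(sealed, 'wrong password'));
```

The same password both encrypts and decrypts, so everything depends on sharing it safely and on it being hard to guess.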
Pros and cons of Symmetric Encryption
The advantages of symmetric encryption are that it is easy to set up and can be done in a jiffy. Moreover, it is pretty straightforward: people of all ages and backgrounds can use it. Asymmetric encryption is more difficult to comprehend and use.
The drawback is that the secret key needs to be shared with the recipient. In the case of PEM, the secret key is encrypted with the user password. Just make sure that the password is not easily guessed. If you use the same secret key to encrypt all your emails and someone learns that secret key, all your encrypted emails are compromised.
What is Asymmetric encryption?
As stated earlier, asymmetric encryption requires two keys to work. Firstly, a public key must be made public in order to encrypt the data. Secondly, a private key is used to decrypt the data. It sounds complicated enough. Let me break it down.
The public key and the private key are not the same thing, but they are related. You create your message, then encrypt it with the recipient’s public key. After that, if the recipient wants to decrypt your message, he/she has to do it with his/her private key. Keep the private key private at all times; the best practice is to store it locally. Making this happen requires greater knowledge than the average person has.
The recipient’s email software will check whether the private key corresponds to the public key and will then prompt the user to type the passphrase to decrypt the message. Some best practices for asymmetric encryption: use keys of 2048 bits and above. Creating strong keys is the foundation of asymmetric encryption. A good encryption practice would be to use multiple encryption methods instead of just one. Not everyone knows how to use asymmetric encryption, so there may be occasions when you have to use either hash functions or symmetric encryption.
Pros and cons of Asymmetric encryption
The advantage of asymmetric encryption is that it does not force the user to share (secret) keys as symmetric encryption does, which removes the need for key distribution. Asymmetric encryption supports digital signing, which authenticates the recipient identity and makes sure that the message is not tampered with in transit.
The cons of asymmetric encryption are that it is time-intensive and requires considerably more effort. What’s more, you can send encrypted emails only if the other person has created key pairs, which means the other person must be knowledgeable. Finally, if you lose your private key, you will lose it forever. The private key is irrecoverable, which could create a whole series of new problems for you to deal with.
Mailfence uses asymmetric encryption based on the RSA algorithm for OpenPGP-based keys. The ECC (Curve 25519) algorithm for OpenPGP-based keys is also supported.
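The public-key encryption and digital signing described in this section, as an added Node.js example that is not Mailfence's own code and does not use OpenPGP. It assumes 2048-bit RSA with OAEP padding for encryption and PSS padding for signatures; the function names, parties and messages are hypothetical.

```javascript
// Added example (not Mailfence's code): the two asymmetric operations.
// Assumptions: RSA-2048, OAEP padding for encryption, PSS padding for signing.
const nodeCrypto = require('node:crypto');
const { RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PSS_PADDING } = nodeCrypto.constants;

// Each party generates a related key pair and publishes only the public half.
const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Anyone holding the recipient's public key can encrypt to them.
// RSA-OAEP only fits short inputs (190 bytes here); OpenPGP therefore encrypts
// a random session key with the public key and the body with a symmetric cipher.
function encryptFor(recipientPublicKey, text) {
  return nodeCrypto.publicEncrypt(
    { key: recipientPublicKey, padding: RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    Buffer.from(text, 'utf8'));
}

// Only the matching private key decrypts; any other key makes this throw.
function decryptWith(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt(
    { key: privateKey, padding: RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    ciphertext).toString('utf8');
}

// Signing runs the other way: the sender's private key signs,
// and anyone with the sender's public key can verify.
const signAs = (senderPrivateKey, text) =>
  nodeCrypto.sign('sha256', Buffer.from(text, 'utf8'),
    { key: senderPrivateKey, padding: RSA_PKCS1_PSS_PADDING });

const verifyFrom = (senderPublicKey, text, signature) =>
  nodeCrypto.verify('sha256', Buffer.from(text, 'utf8'),
    { key: senderPublicKey, padding: RSA_PKCS1_PSS_PADDING }, signature);

// Constructed parties and message.
const alice = newKeyPair();
const mom = newKeyPair();
const note = 'I love you Mom';
const ciphertext = encryptFor(mom.publicKey, note);
const signature = signAs(alice.privateKey, note);
console.log(decryptWith(mom.privateKey, ciphertext));
console.log(verifyFrom(alice.publicKey, note, signature));
console.log(verifyFrom(alice.publicKey, 'I owe you money', signature));
```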
Thoughts on Symmetric vs Asymmetric encryption
Which encryption should you use? Use Symmetric encryption when you would like to send a quick encrypted message. Use Asymmetric encryption when you have the verified OpenPGP public key of your recipient. Combine asymmetric encryption with digital signatures if you don’t want to take any chances. Don’t know how to send encrypted emails? Find out more in our blog post.
Symmetric vs Asymmetric encryption was a very interesting article for us to write. We hope we have clarified the concept of symmetric vs asymmetric encryption. Stay tuned, because Mailfence is planning to release more of these educational articles in the near future.
Symmetric encryption uses a private key to encrypt and decrypt an encrypted email.
Asymmetric encryption uses the public key of the recipient to encrypt the message. Then, if the recipient wants to decrypt the message, the recipient will have to use his/her private key to decrypt. If the keys correspond, then the message is decrypted.
In our opinion, one encryption method is not better than the other. It’s just a different way of encrypting. The user has to be mindful of whether he/she follows best security practices at all times.
The biggest disadvantage is that you have to share the secret key somehow. There are many ways to share it; however, if an attacker finds out what the secret key is, then emails that were encrypted with that secret key are compromised.
– Mailfence Team