Asymmetric encryption, also known as asymmetric cryptography or public-key cryptography, uses two separate but mathematically linked keys for encryption and decryption: a public key and its paired private key. It differs from symmetric-key cryptography, which uses the same secret key for both the encryption and the decryption function.
In asymmetric encryption, the public key is distributed widely and is used by anyone who wants to encrypt a message for you. The private key is the matching secret key, held only by you, and is the only key that can decrypt messages encrypted under that public key. The security of the scheme rests on the private key never being disclosed.
How Asymmetric Encryption Works
Asymmetric encryption is often explained with the "lockbox analogy." Imagine Alice has a three-position lockbox: it locks when turned to the left, locks when turned to the right, and is open only in the center position. The box has two keys, a Left Key that can only turn to the left and a Right Key that can only turn to the right. If the box is locked to the left, only the Right Key can open it; if it is locked to the right, only the Left Key can open it. Alice makes copies of the Left Key and hands one to Bob (and to anyone else who asks) while keeping the single Right Key secret. Bob can now use the public Left Key to lock a box to the left and send it to Alice, and only she can open it. Alice can also lock a box to the right with her secret Right Key. Anyone who receives a right-locked box and opens it with a copy of the Left Key knows it came from Alice, because nobody else holds the Right Key. In a real scheme the left-locked box is encryption to Alice's public key and the right-locked box is a digital signature, which in practice is computed over a hash of the message rather than the message itself.
Asymmetric encryption forms the basis of public key infrastructure (PKI), in which certificates bind public keys to identities so that a sender can be sure it holds the genuine public key of the intended recipient; PKI in turn underpins most of today's secure digital communications. Passwordless authentication standards from the FIDO Alliance also rely on asymmetric cryptography: the private key never leaves the user's authenticator, and the relying party stores only the corresponding public key.
"TLS uses both asymmetric and symmetric encryption to protect data as it is transmitted. Asymmetric cryptography is used for the TLS handshake, which establishes a secure session between client and server and sets up a shared symmetric encryption key. Symmetric encryption is then used to exchange data within the secured session."