Asymmetric (public key) encryption in Java
Asymmetric encryption, also referred to as public key encryption, is a method for
communicating securely between different parties without them having to disclose a single secret key
over an insecure channel. Asymmetric encryption generally works as follows:
- Alice wants to send a secure message to Bob. So Bob generates a key pair,
consisting of a private key, which Bob keeps secret, plus a corresponding public key, which
Bob can freely disclose to Alice (or any other party).
- Alice encrypts her message using Bob's public key and sends it to Bob.
- Bob decrypts the message using his private key, which is required in order to decrypt it. Since Bob
never disclosed his private key, and this is required to decrypt the message, the communiction is
secure in principle.
One solution to this problem is via an asymmetric encryption algorithm.
In asymmetric encryption, also known as public key encryption or
public key cryptography:
- As with symmetric encryption, there are implementation choices that must often
be made to ensure that communication is actually secure (e.g. key sizes, preventing replay and
dictionary attacks, safe handling of private keys...);
- Asymmetric encryption is generally computationally expensive and inefficient for sending long messages,
and so only used in cases where a small number of bytes need to be encrypted;
- Because of the last point, it is commonly used to initiate a communication in what is called
a key exchange;
- Asymmetric encryption solves the problem of how to send data securely over an insecure channel with some other
party, but on its own, it does not solve the problem of verifying the identity of the party. (When Alice asks
Bob for his public key, asymmetric encrption alone does not guarantee that the responding party is actually
Bob and not a so-called "man in the middle".)
With additional infrastructure, some asymmetric encryption schemes can also be used to help address the last of
these points, i.e. party authentication.
Asymmetric encryption for key exchanges
As mentioned above, asymmetric encryption schemes are generally computationally expensive. In most use cases,
the "message" that is sent with asymmetric encryption is another encryption key: this time, a key
to a more efficient symmetric encryption
scheme that will then be used to continue the communication.
This system is used as a key exchange and because it is a common use case,
Java includes the KeyAgreement class to simplify the process, along with calls
to "wrap" and "unwrap" a key from a Cipher object.
A common asymmetric encryption scheme: RSA
One of the most commonly used asymmetric encryption schemes in practice is RSA encryption.
You can perform RSA encryption in Java by creating a Cipher
with the RSA scheme.
If you enjoy this Java programming article, please share with friends and colleagues. Follow the author on Twitter for the latest news and rants.
Editorial page content written by Neil Coffey. Copyright © Javamex UK 2021. All rights reserved.