It is at these four points that we come into contact with technology in everyday life – devices

(Excerpt from press release)

It’s a complicated term, but we come into contact with technology every day in the digital world. Just in time for Cybersecurity Awareness Month, Nils Gerhardt, CTO at Utimaco, looks at some examples where this applies.

Asymmetric encryption is an encryption method that uses two different keys, unlike symmetric encryption: a public key and a private key. These two keys are linked together using complex algorithms or mathematical operations that are difficult to reverse, making it possible to transfer the public key without deducing the private key.

Asymmetric encryption therefore provides a secure way to transmit information because the private key remains secret. The complexity of the algorithms that bind both keys is chosen such that it is not possible to compute a private key from a public key in real time. This makes asymmetric encryption particularly useful for secure communication across different channels on the Internet. Here the technology is used:

1) HTTPS

You can now see the lock icon in the browser address bar of almost all websites. This means that this is a secure connection. The abbreviation HTTPS at the beginning of the URL stands for Hypertext Transfer Protocol Secure, which is a communication protocol used to securely exchange data on the Internet. It is an encrypted version of the traditional HTTP protocol and provides protection against data theft and tampering during transmission.

Even before the first data exchange takes place between the user and the site, the user receives a public key with which his traffic to the site is encrypted. However, the operator’s private key is required for decryption.

2) End-to-end encryption of correspondents

For several years, the most popular messaging application in Germany, WhatsApp, has been offering so-called end-to-end encryption of messages. There is also asymmetric encryption behind this. In principle, the process works similarly to exchanging encrypted data with websites. However, the signaling protocol used means that both parties do not have to be online at the same time. In addition, short-lived session keys are used to prevent decryption of previously sent messages if the key is compromised.

3) Digital documents

The European Union is currently working on a so-called identity wallet. At some point, various documents in digital form will be integrated into this digital wallet. So that only authorized people can issue these documents, but everyone can verify them, asymmetric encryption and public key infrastructure (PKI) will also be used. When preparing documents, the private key will be used as the equivalent of an official stamp or seal. The public key corresponding to the test can be widely distributed.

4) Electronic signatures

In many digital processes, the signature is often the last analog bottleneck. This problem is addressed with electronic signatures. To obtain the highest level of electronic signatures, and qualified signatures, asymmetric encryption/PKI is again used. To sign a document, a private key is required. However, anyone can verify the signature. It is also interesting that the manipulations are noticed automatically. The hash (a kind of “cross-sum” of the data) of the signature is calculated. If the document is tampered with, this value will also change and the signature will no longer be valid.

Conclusion

Asymmetric encryption is used practically everywhere in the digital world where secure data exchange or verification of electronic documents is required. Technology therefore represents the cornerstone of cybersecurity. However, there is one challenge: private keys must be kept secret at all costs. To create keys and keep them secure, you can use so-called hardware security modules (HSMs). These devices are superior to software solutions because private keys in the computer’s main memory do not have to be read, making a remote attack practically impossible. In addition, many companies use key management solutions to keep many different keys under control. Crypto users also have to deal with quantum computers today. If this technology becomes widely available in the future, existing encryption methods could be attacked by their superior computing power. Therefore, we really need hardware that can be updated with new, quantum-safe algorithms if necessary.