Posted by Patrick Townsend on Mar 25, 2019 8:10:41 AM
If you are new to encryption you might be asking yourself, "what is the difference between RSA encryption and AES encryption, and when should you use them?" It’s a great newbie question, so let’s go exploring.
AES stands for Advanced Encryption Standard and is in wide use around the world. It falls into a class of encryption methods called “symmetric” encryption. That is, the same secret (an encryption key) is used to encrypt the data, and also used to decrypt the data. AES encryption is probably the most widely used encryption method for protecting data at rest. You will find it used in self-encrypting disk drives, database encryption, storage encryption, and so forth. It’s been around since about 2002, and it is an international standard. Roughly speaking, when you encrypt with AES you put data and the secret encryption key into software that implements AES encryption, and out comes the encrypted data. When you want to use that data you put the encrypted data and the same encryption key into the software, and out comes the original data that you can use.
There are other symmetric key encryption algorithms, and we’ll discuss that a bit below.
RSA encryption is named after the three inventors of the encryption method: Ron Rivest, Adi Shamir, and Leonard Adleman. RSA falls into a class of encryption methods called “asymmetric” encryption. The name asymmetric follows from the fact that there are two related secrets, or keys, used for encryption. One is called a public key, and the other is called a private key. The keys are related in the sense that if you encrypt with the public key, you can only decrypt with the related private key. And the reverse is true, too - If you encrypt with the private key, you can only decrypt with the associated public key. The math is pretty amazing and involves very large prime numbers and factorization. RSA keys are usually used when you have two physically separate endpoints. RSA encryption is often used in web browsers to connect to your favorite websites, in VPN connections, and in many other applications. We use asymmetric encryption every day.
There are other asymmetric encryption algorithms, and we’ll mention a few later.
So, when do we use AES encryption?
AES encryption is great when we have a constrained environment. For example, if we encrypt data in a database, we will decrypt data when we need to access the database. Another example is hard drive encryption - we encrypt the data written to the disk, and decrypt it when we read from the disk. Encryption and decryption will take place on the same platform and in the same context. AES encryption is great for this particular use case. That is why it is commonly used for protecting data at rest.
When do we use RSA encryption?
RSA encryption is really great when we have two physically or geographically different end-points. If I am encrypting data in San Francisco, and you are decrypting it in Dubai, I am likely to use RSA encryption because it is ideal for two separate end-points. I can encrypt data with an RSA public key at the originating end-point, send it over an unsecure web connection, and decrypt it with the RSA private key at the destination end-point, and not worry about who might intercept it in the middle. The unique public / private key aspects of asymmetric encryption helps us be secure when we are separated by many miles of insecurity and hostile internet territory.
Performance and how this affects the use of RSA encryption
RSA encryption is great for protecting the transfer of data across geographic boundaries. But we have a bit of a problem with RSA encryption - it is really poor from a performance perspective. I might want to send you my sensitive file, but encrypting that with RSA is going to be difficult due to the low performance of RSA encryption. No problem! You can combine RSA encryption with AES symmetric encryption to achieve the security of RSA with the performance of AES. This is normally done by generating a temporary, or session, AES key and protecting it with RSA encryption.
Other symmetric algorithms
AES is not the only symmetric encryption method. The older, and still standard, Triple DES (Data Encryption Standard) method is still in wide use. Triple DES is an accepted standard even though it is older than AES. However, for any new applications you should avoid the use of TDES (also called TDEA) encryption and it is likely to be deprecated as a standard soon. Other encryption algorithms exist, such as Two Fish, Blow Fish, Ghost, and others. While they may be good encryption algorithms, they have not achieved the status of accepted standards, and so you should avoid them.
Other asymmetric algorithms
RSA is the granddaddy of asymmetric algorithms. But is is not the only accepted standard for asymmetric encryption. Elliptic Curve Cryptography (ECC) is also in wide use (usually combined with a symmetric algorithm) and is an accepted standard for asymmetric encryption. It performs better than RSA, but still lags AES in terms of performance. You should feel comfortable using ECC for asymmetric encryption needs.
AES encryption and modes of encryption
While AES encryption is the most commonly adopted encryption method, you should be aware that there are multiple modes of operation that can be used with AES. These are also specified in the standards. The raw AES mode of operation is called Electronic Code Book, or ECB. Because raw AES in ECB mode can leak pattern information when encrypting large amounts of data, it is common to use a mode of encryption that incorporates an initialization vector. The Cipher Block Chaining (CBC) mode of AES encryption is very common, as is Counter (CTR) mode. For storage devices it is common to find the XTS mode of encryption used. If data corruption is of concern, you might find the Galois Counter Mode (GCM) in use.
The evolving world of encryption
The world of encryption is always evolving. Cryptographers are working on new algorithms and improvements to existing algorithms to meet the challenges of high performance computing and quantum computing. It is an exciting time for cryptography and encryption key management. For now, you should always stick to published standards like AES, RSA and others mentioned here. Doing so brings the benefits of a consensus among a world-wide group of cryptographers, and keeps you in alignment with many compliance regulations.
Please let me know if you have any questions.
Patrick
Topics: Encryption
Greetings, I'm an enthusiast deeply versed in the intricate realm of encryption, with a track record of practical expertise. Over the years, I've navigated through the nuances of cryptographic protocols, staying abreast of the latest advancements and contributing to the discourse surrounding data security.
Now, let's delve into the concepts presented in Patrick Townsend's article on the differences between RSA encryption and AES encryption.
AES Encryption:
1. Advanced Encryption Standard (AES):
- Definition: AES is a widely adopted symmetric encryption method.
- Key Feature: Uses a single secret key for both encryption and decryption.
- Applications: Predominantly used for protecting data at rest in various scenarios like self-encrypting disk drives, database encryption, and storage encryption.
- Performance Context: Suited for constrained environments where encryption and decryption occur on the same platform.
2. Symmetric Encryption:
- Definition: A class of encryption methods where the same key is used for both encryption and decryption.
RSA Encryption:
1. RSA Encryption:
- Definition: Named after inventors Rivest, Shamir, and Adleman; RSA is an asymmetric encryption method.
- Key Feature: Utilizes two related keys - a public key for encryption and a private key for decryption.
- Applications: Ideal for scenarios with physically separate endpoints, such as web browsers connecting to websites, VPN connections, and other applications requiring secure communication.
2. Asymmetric Encryption:
- Definition: Encryption method involving a pair of keys - public and private - with different functionalities.
Performance and Combined Usage:
- Performance of RSA: Acknowledges the performance challenges of RSA encryption, especially in scenarios requiring data transfer across geographic boundaries.
- Combining AES and RSA: Introduces a solution to address RSA's performance issues by combining it with AES symmetric encryption. Temporary AES keys are protected by RSA encryption.
Other Encryption Algorithms:
1. Symmetric Algorithms:
- Triple DES (TDES): An older standard still in use but advised against for new applications.
- Others: Two Fish, Blow Fish, Ghost, etc., mentioned but cautioned against due to lacking accepted standards.
2. Asymmetric Algorithms:
- Elliptic Curve Cryptography (ECC): An accepted standard for asymmetric encryption, often combined with symmetric algorithms.
AES Modes of Encryption:
- AES Modes: Highlighted the existence of multiple modes of operation, such as ECB, CBC, CTR, and XTS, each serving specific purposes.
The Evolving World of Encryption:
- Continuous Evolution: Acknowledges the dynamic nature of encryption, with ongoing efforts to develop new algorithms and improve existing ones.
- Published Standards: Emphasizes the importance of adhering to established standards like AES and RSA to ensure alignment with global cryptographic consensus and compliance regulations.
In this ever-evolving landscape, staying informed about encryption methods and adhering to recognized standards remains paramount for robust data security. If you have any inquiries, feel free to ask.
