Encryption involves transforming data into ciphertext – a randomized and unreadable format that requires a decryption key to decipher.
The world runs on communication. Everyone needs to send and receive information. Unfortunately, digitalization and easy internet access have necessitated the need to send private communications since not everyone online is trustworthy.
Humankind has always found ways to send hidden messages that only the intended recipient could interpret. This form of communication is called cryptography, referring to the ability to encrypt information requiring specific cyphers or methods to decode.
Encryption is critical to a functional and secure digital society. It prevents the easy access of personal and sensitive information by malicious actors with an internet connection. It’s also a significant concern given the average total cost for data breaches of 50 million to 60 million records reached $387 million in 2022.
RSA encryption is one such cryptosystem for private message decryption that uses a public-key algorithm. To better understand what it is, let’s answer the question, “what is data encryption and the public-key encryption algorithm?”
Data encryption or encipherment involves disguising information as ciphertext. The ciphertext is unintelligible to unauthorized persons. Conversely, decipherment or decryption involves converting ciphertext back into the original format. Manual encryption dates back to the Roman Empire. However, today encryption is a basic process of cryptology and is synonymous with disguising information via electronic methods.
Computers apply an algorithm to encrypt data. An algorithm is a set of instructions or procedures for performing specific tasks on data blocks. A key is a personal encryption name that only the user or transmitter of the message and the intended receiver know.
Today, two primary types of encryption exist:
RSA works because randomly selected encryption keys of sufficient length are almost impregnable.
It’s also called the asymmetric algorithm where the sender and receiver use different keys to encrypt and decrypt data. The asymmetric algorithm assigns each sender a pair of keys:
Although the two keys are linked, it’s impossible to derive the private key from the public one or decrypt data using a public key. As its name suggests, the public key is well known but private keys are secret and available only to users who own them. In short, everybody can send messages to the user using their public keys but only the intended recipient can decrypt the messages using their private key.
RSA is the most commonly used public-key algorithm. The initials RSA stand for Rivest Shamir Adleman after the mathematician and two computer scientists who first publicly described the algorithm in 1977.
Many protocols such as Secure Shell (SSH), SSL-TLS, S/MIME, and OpenPGP rely on RSA encryption and secure digital signature functions.
The RSA encryption system solves what was once a significant problem in cryptography: how to send a coded message to someone without previously sharing the code with them.
Let’s say you wish to tell someone a secret. If they are right next to you, you can whisper it. However, if they are miles away from you, you cannot. You’d need to use the phone or write it down and mail it. Unfortunately, these communication channels are insecure and anybody with enough motivation can eavesdrop or intercept the message.
One solution to prevent eavesdropping is to encrypt the message. It means adding a code to it that changes it into a jumbled mess. If you use a sufficiently complex code, only those with access to the code can access the original message. Otherwise, it’ll remain unreadable.
If you shared the code with your friend beforehand, you can send encrypted messages anytime because only you two have the code to read the original content.
But what if you did not share the code beforehand? How do you communicate securely? This is a fundamental problem that cryptography addresses using public-key encryption schemes or asymmetric encryption such as RSA.
RSA encryption allows users to encrypt messages with a code called a public key that they can share openly. Due to the specific RSA algorithm’s mathematic properties, once a user encrypts a message with a public key, only a private key can decrypt it. Users have a pair of public and private keys and the latter are kept secret.
Public key encryption systems differ from symmetric-key encryptions which use the same key for encryption and decryption. Therefore, RSA is useful for communicating in cases where users have not safely distributed keys beforehand.
RSA encryption is not suitable for encrypting entire files or messages because it’s more resource-heavy and less efficient than symmetric-key encryption. Therefore, its general practice to use RSA encryption together with other encryption systems or for encrypting digital signatures to prove the integrity and authenticity of messages.
Digital signatures help authenticate and verify files and documents. They prevent tampering during the transmission of official and other sensitive documents and prevent forgery or manipulation. However, digital signatures use private keys for encryption and public keys for decryption to authenticate the origin of the signature.
Users will generally encrypt a file with an asymmetric-key algorithm and use RSA encryption to encrypt the symmetric key. Thus, only an RSA private key can decrypt the symmetric key used and without it, it’s not possible to decrypt the message.
Today, different systems use RSA encryption including OpenSSL, cryptlib, wolfCrypt, and other cryptographic libraries. RSA is also widely used in web browsers, email chats, VPNs, and other communication channels.
Additionally, RSA ensures secure connections between VPN servers and clients. Under protocols like OpenVPN, users can use the RSA algorithm for TLS handshakes to exchange keys and set up secure communication channels.
The math supporting RSA encryption is quite complicated to explain in detail. There are several concepts to discuss before diving into the RSA algorithm in cryptography. These include:
Equations that are simple to compute in one direction and incredibly hard in reverse are called trap-door functions. The underlying premise of RSA cryptography is that the algorithm is relatively easy to compute in one direction and almost impossible in reverse. For example, if you were given 543,111 as a product of two prime numbers, could you figure out the two primes?
Even with a calculator, it’s difficult to know where to start, but flipping things around makes things much easier because:
Still, given 543,111 and one prime number, it’s easy to figure out the other as follows:
RSA encryption uses significantly larger numbers. For example, in 2048-bit RSA, the keys would be 617 digits long.
The trap-door functions are the basis for how private and public-key encryption schemes work. Their properties allow the sharing of public keys without revealing the private key or endangering the message.
Generating the keys is the first step of encrypting data and the process uses two prime numbers (p and q) selected with a primality test. These are algorithms that efficiently find prime numbers for encryption, such as the Ranbin-Miller primality test. The prime numbers must be large and relatively far apart to make it harder to crack the keys.
RSA public keys are prime numbers and modulus n. Modulus (mod) is a modulo operation that means the remainder left over after dividing one side or number by the other, such as:
The following is the formula for generating the public key:
After doing all the mathematics and applying the public key (C=me mod n), the final encrypted data is the ciphertext (c).
Private keys are the only keys users can use to decipher ciphertext encrypted with a public key, and they must be of a similar key pair. Private keys are made of d and n and since we already know n, it’s easy to calculate d using the formula:
The RSA algorithm example above shows that the mathematics involved in encryption is complicated and when done right, results in a secure solution.
There are many advantages of using RSA encryption, including:
RSA faces some challenges that limit its use in some cases because of the capacity of attackers to exploit them. For example, it implements a long key in its encryption algorithm. AES algorithms are unbreakable but asymmetric ones like RSA rely on the size of their keys to make them difficult to crack.
Therefore, longer RSA keys are more secure and difficult to crack than shorter ones. For instance, researchers used prime factorization to crack a 768-bit RSA encryption key in two years.
It took significant resources, but the fact that it’s possible should always factor in conversations about the safety of the RSA cryptosystem. While individuals might not have the capacity to crack such encryptions, governments can do it because they have more resources at their disposal.
NIST recommends a 2048-bit minimum key length, but organizations are turning to 4096-bit key lengths for increased security.
Other RSA disadvantages include:
Despite the vulnerabilities mentioned, RSA is currently relatively safe to use provided users implement it correctly and use long, hard-to-crack keys. Implementations that fail to use adequately sized prime numbers, or that have other vulnerabilities are not safe.
As long as users remain conscious of the weaknesses and potential vulnerabilities of the RSA encryption algorithm, they can safely use it for key sharing and other tasks like digital signatures requiring public key encryption.
Will future technology like quantum computing affect the RSA algorithm in cryptography?
RSA encryption online is safe at the moment, but the advent of quantum computing could pose challenges in the future. Quantum computers can easily solve certain problems that we currently consider extremely difficult. Since this difficulty is what makes cryptographic systems secure, it’s safe to say that the current size RSA keys will become more vulnerable.
Quantum computers will easily solve the integer factorization problem. However, this future is still far off because quantum computers are still under development and mostly used in research settings. Cybersecurity industry players are also constantly looking to improve public-key algorithms to ensure their security in a post-quantum world.
Optimal Asymmetric Encryption Padding (OAEP) is now the primary standard padding for RSA public key encryption. Padding allows the formatting of messages before their encryption to attain higher security levels, ruling out basic attacks.
Veritas Technologies is a U.S.-based international data management company. We work to solve your data management challenges and help secure sensitive data from dangers like cyberattacks, human error, or natural catastrophes.
Veritas helps organizations of all sizes overcome the complexities of protecting and managing their business-critical data. Our integrated product portfolio provides a unified data services and management experience and delivers unmatched edge-to-cloud performance and versatility.
We offer other state-of-the-art solutions, such as Veritas Backup Exec for small enterprises and Veritas InfoScale for data storage and disaster recovery. Our solutions make it easier to adhere to major data privacy laws like HIPAA, GDPR, and CCPA.
Veritas customers include 95% of the Fortune 100, and NetBackup™ is the #1 choice for enterprises looking to protect large amounts of data.
Learn how Veritas keeps your data fully protected across virtual, physical, cloud and legacy workloads with Data Protection Services for Enterprise Businesses.
Encryption involves transforming data into ciphertext – a randomized and unreadable format that requires a decryption key to decipher.
The Rivest-Shamir-Adleman (RSA), named after its developers, is an asymmetric encryption technique that uses two different but linked encryption keys (private and public). RSA encryption uses opposite keys to encrypt and decrypt data.
RSA uses two keys: private and public. An RSA private key generates digital signatures while the public key verifies digital signatures. Additionally, the RSA public key also encrypts AES or DES data keys while the RSA private key is for recovery.
RSA encryption has various uses including virtual private networks (VPNs), web browsers, and email services. Well known products and algorithms like the Pretty Good Privacy (PGP) algorithm also use RSA cryptography.
RSA secures sensitive information such as financial details and protects transactions such as credit cards. Organizations also use RSA encryption to encrypt private information in emails and web browsers.
Veritas Technologies provides software solutions for enterprise data management to help organizations protect their mission-critical data. It also offers data protection, compliance readiness, storage optimization, and cloud data management services.
Yes, they can because encryption protects private information and sensitive data. It also enhances the security of communication and transmissions between servers and clients.