Complete Encryption Guide 2024: Symmetric, Asymmetric & Modern Cryptography

Key Takeaways

Symmetric encryption (AES) uses one key for encrypt/decrypt.
Asymmetric encryption (RSA, ECC) uses public/private key pairs.
Hashing (SHA-256) creates fixed-size fingerprints, not reversible.

Use authenticated encryption (AES-GCM) not just encryption.
Key management is often harder than the encryption itself.
Never implement your own cryptography—use established libraries.

1. Fundamentals of Encryption
2. Symmetric Encryption
3. Asymmetric Encryption
4. Cryptographic Hashing

5. Digital Signatures
6. Practical Applications
7. Implementation Guidelines
8. Frequently Asked Questions

1. Fundamentals of Encryption

Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a mathematical algorithm and a key. Only those with the correct key can decrypt the ciphertext back to plaintext. Encryption protects data confidentiality—even if data is intercepted, it's useless without the key.

Modern cryptography provides four fundamental services:

Confidentiality: Data is secret (encryption)
Integrity: Data hasn't been modified (hashing, MACs)
Authentication: Verify identity of sender (digital signatures)
Non-repudiation: Sender can't deny sending (digital signatures)

2. Symmetric Encryption

Symmetric encryption uses the same key for both encryption and decryption. It's fast and efficient for encrypting large amounts of data.

2.1 AES (Advanced Encryption Standard)

AES is the most widely used symmetric algorithm. It's a block cipher that encrypts data in 128-bit blocks with key sizes of 128, 192, or 256 bits.

Mode	Description	Recommendation
ECB	Each block encrypted independently	❌ Never use—exposes patterns
CBC	Each block XORed with previous	⚠️ Legacy, padding oracle risk
CTR	Counter mode, parallel processing	✅ Good for performance
GCM	Counter + authentication	✅ Recommended (AEAD)

# Python AES-GCM encryption
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import os

# Generate 256-bit key
key = AESGCM.generate_key(bit_length=256)
aesgcm = AESGCM(key)

# Encrypt
nonce = os.urandom(12)  # Must be unique per message
ciphertext = aesgcm.encrypt(nonce, plaintext, associated_data)

# Decrypt
plaintext = aesgcm.decrypt(nonce, ciphertext, associated_data)

3. Asymmetric Encryption

Asymmetric (public-key) encryption uses key pairs: a public key for encryption and a private key for decryption. Anyone can encrypt with your public key, but only you can decrypt with your private key.

3.1 RSA

RSA is the most common asymmetric algorithm. Key sizes of 2048 or 4096 bits are recommended. RSA is slow, so it's typically used to encrypt symmetric keys rather than data directly.

# RSA key generation
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=4096
)
public_key = private_key.public_key()

3.2 Elliptic Curve Cryptography (ECC)

ECC provides equivalent security to RSA with smaller key sizes, making it faster and more efficient. Ed25519 and secp256k1 are popular curves.

RSA Key Size	ECC Key Size	Security Level
2048 bits	224 bits	112 bits
3072 bits	256 bits	128 bits
7680 bits	384 bits	192 bits

4. Cryptographic Hashing

Hash functions create fixed-size outputs (digests) from any input. They're one-way functions—you can't recover the input from the hash. Any change to the input produces a completely different hash.

4.1 Hash Algorithms

Algorithm	Output Size	Status
MD5	128 bits	❌ Broken—never use
SHA-1	160 bits	❌ Broken—avoid
SHA-256	256 bits	✅ Recommended
SHA-384/512	384/512 bits	✅ Strong
SHA-3	Variable	✅ Latest standard
BLAKE2/3	Variable	✅ Fast modern hash

# Python hashing
import hashlib

# SHA-256
hash_object = hashlib.sha256(b"message")
digest = hash_object.hexdigest()

# HMAC (keyed hash for authentication)
import hmac
mac = hmac.new(key, message, hashlib.sha256).hexdigest()

5. Digital Signatures

Digital signatures use asymmetric cryptography to provide authentication and non-repudiation. You sign with your private key; anyone can verify with your public key.

# Create signature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

signature = private_key.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

# Verify signature
public_key.verify(signature, message, padding, hashes)

Common Use Cases

Encryption: Confidentiality—hiding content
Hashing: Integrity—detecting changes (checksums)
Signatures: Authentication—proving origin
Key Exchange: Establishing shared secrets (Diffie-Hellman)

6. Practical Applications

6.1 File Encryption

# GPG file encryption
gpg -c sensitive.txt             # Symmetric encryption
gpg -e -r [email protected] sensitive.txt  # Asymmetric

# OpenSSL
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -d -aes-256-cbc -in file.enc -out file.txt

6.2 Disk Encryption

BitLocker: Windows full-disk encryption
FileVault: macOS full-disk encryption
LUKS: Linux standard disk encryption
VeraCrypt: Cross-platform container encryption

6.3 TLS Handshake

TLS combines all cryptographic primitives: asymmetric for key exchange, symmetric for data encryption, hashing for integrity, signatures for authentication.

7. Implementation Guidelines

Cryptography Pitfalls

Don't roll your own crypto: Use established libraries (libsodium, cryptography.io)
Don't reuse nonces/IVs: Each encryption must use unique values
Don't use ECB mode: Patterns in plaintext leak to ciphertext
Do use authenticated encryption: GCM, ChaCha20-Poly1305

7.1 Key Management

Generate keys using cryptographically secure random generators
Store keys securely (HSM, secrets manager, key vault)
Rotate keys regularly
Implement key revocation procedures

8. Frequently Asked Questions

Is 256-bit encryption unbreakable?

256-bit symmetric encryption is computationally infeasible to brute force with current or foreseeable technology. However, implementation flaws, key management failures, and side-channel attacks can still enable attacks. The cryptography itself is secure; the surrounding system often isn't.

Will quantum computers break encryption?

Shor's algorithm could break RSA and ECC with a sufficiently powerful quantum computer. Symmetric algorithms like AES would need doubled key sizes (AES-256 → AES-512 security). Post-quantum cryptography algorithms are being standardized by NIST to address this future threat.

Conclusion

Encryption is fundamental to digital security. Understand when to use symmetric vs asymmetric encryption, always use authenticated encryption modes, and never implement cryptography yourself—use well-tested libraries. Key management is often the biggest challenge; focus on securing your keys as much as choosing strong algorithms.

Continue Learning:
SSL/TLS Guide Password Security