Asymmetric Cryptography

Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic, rather than relying on any inherent protections provided by a communication protocol. Asymmetric cryptography, also known as public key cryptography, uses a keypair per party: one public that can be freely distributed, and one private that should not be distributed. Due to how asymmetric algorithms work, the sender encrypts data with the receiver’s public key and the receiver decrypts the data with their private key. This ensures that only the intended recipient can read the encrypted data. Common public key encryption algorithms include RSA, ElGamal, and ECDSA. For efficiency, many protocols (including SSL/TLS) use symmetric cryptography once a connection is established, but use asymmetric cryptography to establish or transmit a key. As such, these protocols are classified as Asymmetric Cryptography.

A modern branch of cryptography (popularly known as "public key cryptography") in which the algorithms use a pair of keys (a public key and a private key) and use a different component of the pair for each of two counterpart cryptographic operations (e.g., encryption and decryption, or signature creation and signature verification). (See: key pair, symmetric cryptography.) Tutorial: Asymmetric algorithms have key management advantages over equivalently strong symmetric ones. First, one key of the pair need not be known by anyone but its owner; so it can more easily be kept secret. Second, although the other key is shared by all entities that use the algorithm, that key need not be kept secret from other, non using entities; thus, the key distribution part of key management can be done more easily. Asymmetric cryptography can be used to create algorithms for encryption, digital signature, and key agreement: In an asymmetric encryption algorithm (e.g., "RSA"), when Alice wants to ensure confidentiality for data she sends to Bob, she encrypts the data with a public key provided by Bob. Only Bob has the matching private key that is needed to decrypt the data. (Compare: seal.) In an asymmetric digital signature algorithm (e.g., "DSA"), when Alice wants to ensure data integrity or provide authentication for data she sends to Bob, she uses her private key to sign the data (i.e., create a digital signature based on the data). To verify the signature, Bob uses the matching public key that Alice has provided. In an asymmetric key agreement algorithm (e.g., "Diffie Hellman Merkle"), Alice and Bob each send their own public key to the other party. Then each uses their own private key and the other's public key to compute the new key value.