There are two types of encryption in widespread use today: symmetric and asymmetric encryption. The name derives from whether or not the same key is used for encryption and decryption.

Symmetric encryption

In symmetric encryption the same key is used for encryption and decryption. It is therefore critical that a secure method is considered to transfer the key between sender and recipient.

Figure 1: Symmetric encryption – Using the same key for encryption and decryption

Asymmetric encryption

Asymmetric encryption uses the notion of a key pair: a different key is used for the encryption and decryption process. One of the keys is typically known as the private key and the other is known as the public key.

The private key is kept secret by the owner and the public key is either shared amongst authorised recipients or made available to the public at large.

Data encrypted with the recipient’s public key can only be decrypted with the corresponding private key. Data can therefore be transferred without the risk of unauthorised or unlawful access to the data.

Figure 2: Asymmetric encryption – Using a different key for the encryption and decryption process

This use can also provide assurance of the identity of the sender or recipient of the communication. This is done using a process called digital signing. A message signed with the private key of the sender can be verified by the recipient using the corresponding public key. Certificates for signing communications can also be issued by trusted third parties (such as Certificate Authorities) who can provide further assurance that the owner of a particular key pair is who they say they are.

Hashing

Hashing is a technique that generates a fixed length value summarising a file or message contents. It is often incorrectly referred to as an encryption method. Hash functions are used with cryptography to provide digital signatures and integrity controls but as no secret key is used it does not make the message private as the hash can be recreated.

Read our further guidance on protecting personal data in online services for more information: