What is Asymmetric Encryption?
Why you should care:
- You can’t understand the language of SSL/TLS/mTLS without the language of asymmetric encryption
- It’s hard to add SSL/TLS/mTLS to your app if you don’t understand the language
- You need SSL/TLS/mTLS on your website/app if only for the improved SEO and to protect your users’ privacy
Asymmetric encryption is one of those things that you use hundreds of times a day, but rarely (if ever) notice it. The ideas behind it are in widespread use, but most of the time you don’t need to understand it to benefit from it.
If you work in web development or operations however, adding SSL/TLS/mTLS to a web service may be something you are asked to do. Many guides will help you to understand the steps to implement that, but they assume you have a familiarity with asymmetric encryption already. This blog post aims to provide you with that background (a future post of mine will expand on this to explain TLS as well).
Speaking the language of mTLS is something developers have largely not had to do, but as we increasingly move toward Platforms as a Service and DevOps, more of the burden for managing mTLS is falling on developers. It is worth investing some time now to understand the theoretical foundation. It will help you a lot with learning the language of X.509.