Understanding Symmetric vs Asymmetric Encryption as a Backend Engineer


While learning networking, I kept hearing terms like:

  • HTTPS
  • TLS
  • SSL certificates
  • Public keys
  • Private keys

I understood they were related to security, but I never really understood how encryption actually worked underneath.

Once I started learning about Symmetric and Asymmetric Encryption, many of those concepts finally started making sense.

One realization that surprised me:

The internet doesn't use one type of encryption.

It uses both.

And that's exactly how TLS secures our communication.


What is Encryption?

Encryption is the process of scrambling data so that only authorized parties can read it.

Instead of sending:

Hello

we transform it into something unreadable like:

X8#kP!2@Q

Anyone intercepting the encrypted data sees only gibberish.

Only someone with the correct key can convert it back to the original message.

Encryption is used everywhere:

  • HTTPS websites
  • online banking
  • messaging applications
  • VPNs
  • SSH
  • file storage

Without encryption, anyone sitting between two communicating systems could potentially read sensitive information.


Symmetric Encryption

Symmetric Encryption uses the same key for both encryption and decryption.

In simple terms:

Encrypt → Secret Key
Decrypt → Same Secret Key

If you can encrypt the data, you can also decrypt it using the exact same key.

Popular examples include:

  • AES (Rijndael)
  • Twofish
  • Serpent
  • DES (legacy, no longer considered secure)

How Symmetric Encryption Works

Imagine Alice wants to receive a secret message from Bob.

Step 1

Alice generates a secret key.

Step 2

Alice somehow shares that key with Bob.

Step 3

Bob encrypts:

Hello

using the secret key.

Step 4

Alice receives the encrypted message and decrypts it using the same key.

Communication works perfectly.

Until someone steals the key.


The Key Sharing Problem

This is the biggest weakness of Symmetric Encryption.

How do Alice and Bob securely share the key in the first place?

If an eavesdropper intercepts the key during transmission:

Alice → Secret Key → Bob

they now have everything needed to decrypt future messages.

The encryption itself may be strong.

But distributing the key safely becomes difficult.


Why Symmetric Encryption Is Still Useful

Despite the key-sharing problem, symmetric encryption has huge advantages.

Fast

The algorithms are extremely efficient.


Great for Large Data

Encrypting large amounts of data is relatively cheap computationally.

This makes symmetric encryption ideal for:

  • videos
  • files
  • API traffic
  • website communication

Symmetric Encryption Drawbacks

Key Distribution Is Hard

Securely sharing the key is the difficult part.

If the key leaks, all communication becomes readable.


Asymmetric Encryption

Asymmetric Encryption solves the key-sharing problem.

Instead of one key, it uses two:

  • Public Key
  • Private Key

The interesting part:

The public key encrypts data.

The private key decrypts data.

And the public key cannot decrypt the message.


How Asymmetric Encryption Works

Imagine Alice wants people to send her encrypted messages.

Step 1

Alice generates:

  • Public Key
  • Private Key

Step 2

She shares the Public Key with everyone.

Including Bob.

Step 3

Bob encrypts:

Hello

using Alice's Public Key.

Step 4

The encrypted message is sent across the network.

Step 5

Alice decrypts it using her Private Key.

Only Alice can decrypt the message because only Alice possesses the private key.

Even if an attacker steals the public key, it doesn't help.

The public key was meant to be shared.


Why Does This Work?

One thing I found interesting:

Asymmetric encryption is built on mathematical problems that are extremely difficult to reverse.

Many algorithms rely heavily on properties of large prime numbers.

The actual math gets complicated very quickly, but the practical takeaway is:

Encrypting with the public key does not reveal the private key.

That's what makes the system secure.


Common Asymmetric Encryption Algorithms

Some popular examples include:

  • RSA (Rivest-Shamir-Adleman)
  • Diffie-Hellman (a key-exchange algorithm rather than an encryption scheme)
  • ElGamal

These algorithms form the foundation of many modern security systems.


Advantages of Asymmetric Encryption

Easy Key Distribution

The public key can be shared freely.

No secret exchange is required.


Better for Establishing Trust

Because the private key never leaves the owner, it becomes much easier to securely initiate communication.

This is why technologies like:

  • HTTPS
  • TLS
  • SSH

rely heavily on asymmetric cryptography.


Disadvantages of Asymmetric Encryption

Computationally Expensive

This was the part that surprised me.

Asymmetric encryption is significantly slower than symmetric encryption.

The mathematical operations involved are much more expensive.


Poor for Large Data Transfers

Encrypting large files or long streams of data using asymmetric encryption would be inefficient.

It works best for small pieces of information.
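The Alice-and-Bob steps from "How Asymmetric Encryption Works", together with the size limit behind "works best for small pieces of information", as an added example in Go (not code from the original post). It assumes RSA-OAEP with SHA-256 and a 2048-bit key; the function names are illustrative.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair creates Alice's key pair; only the public half is ever shared.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// MaxMessage is the largest plaintext RSA-OAEP with SHA-256 accepts:
// modulus size minus two hash lengths minus two bytes.
func MaxMessage(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// EncryptFor is what Bob runs: it needs nothing but Alice's public key.
func EncryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt is what Alice runs with the private key that never left her side.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	alice, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	ct, err := EncryptFor(&alice.PublicKey, []byte("Hello"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(alice, ct)
	fmt.Printf("%d-byte ciphertext -> %q (err: %v)\n", len(ct), pt, err)
	// One byte over the limit is rejected: RSA cannot encrypt bulk data directly.
	limit := MaxMessage(&alice.PublicKey)
	_, err = EncryptFor(&alice.PublicKey, make([]byte, limit+1))
	fmt.Printf("limit %d bytes; %d bytes: %v\n", limit, limit+1, err)
}
```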


Symmetric vs Asymmetric Encryption

After learning both approaches, I think of them like this:

Symmetric Encryption

Pros:

  • Fast
  • Efficient for large data

Cons:

  • Difficult key sharing

Asymmetric Encryption

Pros:

  • Public key can be shared safely
  • Great for establishing secure communication

Cons:

  • Slower
  • Computationally expensive
  • Inefficient for large data

The Part That Finally Made TLS Click

The most interesting realization for me was:

TLS doesn't choose between symmetric and asymmetric encryption.

It uses both.

The process roughly looks like this:

Step 1

The server sends its certificate containing a public key.

Step 2

The client verifies the certificate.

Step 3

Using asymmetric cryptography, both sides securely establish a shared symmetric key.

Step 4

From that point forward, communication switches to symmetric encryption.

Why?

Because symmetric encryption is much faster.

So asymmetric encryption is used only during the setup phase.

Then symmetric encryption handles the actual data transfer.

This gives us:

  • secure key exchange
  • fast communication

at the same time.
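Steps 3 and 4 above, and the shared-key encryption from the Symmetric Encryption section, as an added example in Go (not code from the original post or from any TLS library). It assumes X25519 Diffie-Hellman for the key exchange and AES-256-GCM for the data; certificate verification is left out, and a single SHA-256 hash stands in for the TLS key schedule.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must panics on local setup failures; peer-dependent errors are returned.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewKey generates one side's ephemeral X25519 key pair.
func NewKey() *ecdh.PrivateKey {
	return must(ecdh.X25519().GenerateKey(rand.Reader))
}

// Session derives an AES-256-GCM cipher from our private key and the peer's
// public key. SHA-256 over the ECDH output stands in for TLS's HKDF schedule.
func Session(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return cipher.NewGCM(must(aes.NewCipher(key[:])))
}

// Seal encrypts msg under a fresh random nonce and returns nonce || ciphertext.
func Seal(a cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return a.Seal(nonce, nonce, msg, nil)
}

func main() {
	client, server := NewKey(), NewKey()
	c := must(Session(client, server.PublicKey())) // client's view
	s := must(Session(server, client.PublicKey())) // server's view
	sealed, n := Seal(c, []byte("GET /orders")), s.NonceSize()
	fmt.Printf("%q\n", must(s.Open(nil, sealed[:n], sealed[n:], nil)))
}
```

Only the two public keys cross the network, yet both sides end up with the same AES key; a third party holding its own key pair derives a different key, and GCM rejects any modified ciphertext.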


Why This Matters for Backend Engineers

Before learning encryption, HTTPS felt like a checkbox.

Enable SSL.

Install a certificate.

Done.

Now I understand there is a lot happening underneath:

  • public keys
  • private keys
  • certificates
  • TLS handshakes
  • symmetric encryption
  • asymmetric encryption

Every secure API request depends on these concepts.

Understanding them makes HTTPS feel much less magical and much more engineering-driven.


Final Thoughts

Before learning this topic, I assumed encryption was a single concept.

Now I realize there are actually two very different approaches.

One solves the speed problem.

One solves the key-sharing problem.

And modern systems combine both to get the best of each.

The coolest part for me was finally understanding why a server sends a certificate before encrypted communication begins.

It's not the encryption itself.

It's the first step that makes secure communication possible.
