Let me introduce you to my friends, Alice and Bob. Now, Alice and Bob want to send each other encrypted data. If you've been watching the episodes in order, you've seen examples of encryption, where we take some piece of plaintext, we use a key, and we encrypt it with that key. And then we decrypt it with the exact same key. That's what we call symmetric encryption. So if Alice wants to encrypt something, she's going to encrypt it with a key.
And then, in order for Bob to decrypt it, he's going to need the same key. And that is a big problem with symmetric encryption. You see, with symmetric encryption, it's easy to send the encrypted stuff from one person to another. But how do you send the key? This is always a big problem. So the key that Alice and Bob are using right now, for this one particular thing they're doing, is going to be called a session key. They might use a different key later.
But for this one piece of encryption and decryption, they're going to have one session key. So how does Alice get it to Bob? Well, you've got some choices. The big terms we use when we talk about exchanging these symmetric keys are "in band" and "out of band." When we say in band, we're basically saying, "Well, I'm going to send the key along with the encrypted data." That doesn't sound very smart, does it?
Well, it isn't. Because if we were to send the key with the encrypted data, and we assume Kerckhoffs' principle applies (the algorithm itself is no secret), somebody who grabbed both could decrypt it on their own. So sending the key in band is risky. Now, we could go out of band. For example, Alice could get on her bicycle and ride over to Bob's, but then we've almost killed the whole concept of wanting to do encryption, right? Because in that case, she could just write a letter or something, put it in her back pocket, and hand it to Bob. So this is a big challenge that we run into with symmetric encryption. Now, what I need to stress to you right now is that symmetric encryption is the primary way that we encrypt data.
And I'm about to show you some very clever ways that we do things that allow us to exchange a session key without anybody else being able to figure it out. So, another term we run into is the concept called an ephemeral key. An ephemeral key simply means a key that's temporary. In this particular case, Alice can invent a key out of the blue, and she'll never use it again. That way, the key is simply temporary and never reused. When you set up keys in such a way that knowledge of a key used in a previous session doesn't let you crack the current session, we call that perfect forward secrecy.
So, the beautiful part about ephemeral keys, assuming that Alice can generate keys that look arbitrary to an outside person, is that an ephemeral key, done right, always provides perfect forward secrecy. So if somebody cracked a session six months ago, it's not going to do them any good today. So that's an important concept. We still have the problem, though, of how we exchange a session key. And to do that, we do something that's absolutely fascinating.
We do something that's called asymmetric encryption. Asymmetric encryption doesn't use a key; it uses, are you ready, a key pair. So what Alice is going to do is, on her computer, she's going to generate two completely separate keys. Now, these two keys are known as a public key and a private key. And the cornerstone of asymmetric encryption works like this. The public key is given to anybody.
All right, and the private key is kept by Alice. In fact, it's put on a protected part of her hard drive, so that nobody can accidentally get to it. It's very protected. The public key is only used to encrypt, and the private key is only used to decrypt. So let's watch how this works.
So what will happen is that Alice will generate a key pair, and then she will send the public key over to Bob. She can send it in band; she can do anything she wants with it. Now, Bob, with that public key, can take whatever he wants to encrypt, and he will encrypt it with Alice's public key. And the only person who can decrypt it is Alice, because she has the private key. So it's actually fascinating how we have this public and private key. Now, the downside to asymmetric encryption, with the keys we have so far, is that Bob can only encrypt and send stuff to Alice. If we want to reverse that process, Bob is going to have to generate himself a public and a private key. We'll say this is the public key, and I'm gonna put his private key over here.
And he can send this public key to Alice. In fact, he can send it to anybody he wants to. And now Alice can encrypt stuff for Bob. And that way, we can actually go through this process of creating these forms of encryption. Now, the important thing you need to understand here is that it sounds like asymmetric is going to be a lot better than symmetric. And in many ways it is.
The big problem is that asymmetric encryption, first of all, requires these key generations; these keys have to be exchanged, and somebody has to keep track of where these keys are. So asymmetric, while it works very well and it certainly protects your keys, has the downside that it is slow and a little bit onerous. So in other episodes, we're going to see that we use asymmetric encryption not really so much to encrypt, but simply to be able to exchange a session key in a secure way. And once that session key is exchanged, we go back to good old symmetric encryption. So what you start to see is that we develop these fairly complex things we call cryptosystems.
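Here is the whole exchange just described, written out as an added example (this is not code from the episode): Alice generates a key pair and sends the public key in band, Bob invents an ephemeral session key and wraps it with Alice's public key, Alice unwraps it with her private key, and the actual message goes under fast symmetric encryption with that session key. To run with only the Python standard library, the asymmetric half is textbook RSA with fixed Mersenne primes and no padding, and the symmetric half is a keystream derived from HMAC-SHA256 in counter mode; both are stand-ins for the real primitives (RSA-OAEP or Diffie-Hellman, and AES) and are assumptions of this example, not something a real cryptosystem would ship.

```python
"""Hybrid key exchange: asymmetric keys wrap an ephemeral session key,
symmetric encryption carries the data. Constructed teaching example."""
import hashlib
import hmac
import secrets

# Toy RSA parameters: two Mersenne primes give a modulus far larger than a
# 128-bit session key; 65537 is the customary public exponent.
_P = 2**127 - 1
_Q = 2**521 - 1
_E = 65537


def generate_keypair():
    """Alice runs this on her own machine and gets (public_key, private_key).

    The public key (n, e) may be sent in band to anyone; the private key
    (n, d) stays on Alice's computer.
    """
    n = _P * _Q
    phi = (_P - 1) * (_Q - 1)
    d = pow(_E, -1, phi)  # private exponent: inverse of e modulo phi(n)
    return (n, _E), (n, d)


def wrap_session_key(session_key: bytes, public_key) -> int:
    """Bob encrypts the ephemeral session key with Alice's PUBLIC key."""
    n, e = public_key
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(m, e, n)


def unwrap_session_key(wrapped: int, private_key, key_len: int = 16) -> bytes:
    """Only the holder of the PRIVATE key (Alice) recovers the session key."""
    n, d = private_key
    return pow(wrapped, d, n).to_bytes(key_len, "big")


def symmetric_crypt(session_key: bytes, data: bytes) -> bytes:
    """Symmetric stream cipher: the same call encrypts and decrypts.

    Keystream block i = HMAC-SHA256(session_key, i); output = data XOR stream.
    This stands in for AES and shows that both sides need the SAME key.
    """
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(session_key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def run_session(public_key, private_key, message: bytes) -> dict:
    """One complete exchange: Bob sends, Alice receives."""
    # Bob invents an ephemeral session key out of the blue; it is never reused.
    session_key = secrets.token_bytes(16)
    wrapped = wrap_session_key(session_key, public_key)   # travels in band
    ciphertext = symmetric_crypt(session_key, message)    # travels in band

    # Alice unwraps the session key with her private key, then decrypts.
    recovered_key = unwrap_session_key(wrapped, private_key)
    plaintext = symmetric_crypt(recovered_key, ciphertext)
    return {"session_key": session_key, "ciphertext": ciphertext,
            "recovered_key": recovered_key, "plaintext": plaintext}


def old_key_is_useless(public_key, private_key, message: bytes) -> bool:
    """Forward secrecy check: a previous session's key cannot open a new session."""
    first = run_session(public_key, private_key, message)
    second = run_session(public_key, private_key, message)
    attempt = symmetric_crypt(first["session_key"], second["ciphertext"])
    return attempt != message


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"Meet at the usual place at noon."  # constructed sample message
    result = run_session(pub, priv, msg)
    print("ciphertext (hex):", result["ciphertext"].hex())
    print("Alice recovered:", result["plaintext"])
    print("old session key useless for new session:", old_key_is_useless(pub, priv, msg))
```

Notice that only the public key and two ciphertexts ever travel in band; the private key never leaves Alice, and each session key is thrown away after one use, which is exactly why cracking one session does not help with the next.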
A cryptosystem is a very, very defined piece of cryptography that programmers can use to actually get stuff done. If we were looking at that XOR encryption we talked about in another episode, a cryptosystem would say stuff like: the key has to be a fixed size, and you only run one XOR pass. If we were doing symmetric keys, a cryptosystem would define how long the key must be, what the different messages are that go back and forth between Alice and Bob to properly do the exchange, and what's actually going on on Bob's machine or Alice's machine to encrypt and decrypt. So cryptography may be algorithms and keys, but a cryptosystem is a highly defined process that programs follow to actually make cryptography work in the IT world.