Glossary

What is Asymmetric Encryption?

Asymmetric encryption is a cryptographic system that uses a pair of mathematically related keys — a public key that anyone can use to encrypt data, and a private key that only the owner possesses to decrypt it — eliminating the need to share a secret key in advance.

Also known as: public-key cryptography, asymmetric cryptography

Asymmetric encryption solved the fundamental key distribution problem that had limited cryptography for centuries. Before its invention in the 1970s, two parties who wanted to communicate securely had to first agree on a shared secret key through a secure channel — a chicken-and-egg problem. Asymmetric cryptography allows anyone to encrypt a message using a freely distributed public key, while only the holder of the corresponding private key can decrypt it.

The mathematical foundation relies on trapdoor functions: operations that are easy to perform in one direction but computationally infeasible to reverse without special knowledge. RSA relies on the difficulty of factoring the product of two large primes; elliptic curve cryptography (ECC) relies on the discrete logarithm problem on elliptic curves. These mathematical properties ensure that knowing the public key does not reveal the private key.

Asymmetric encryption is significantly slower than symmetric encryption — often 100 to 1,000 times slower for equivalent data sizes. For this reason, it is rarely used to encrypt bulk data directly. Instead, modern systems use a hybrid approach: asymmetric encryption secures the exchange of a symmetric key, and that symmetric key encrypts the actual payload. TLS, PGP, and SSH all follow this hybrid pattern.
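
The hybrid pattern described above, sketched with the Web Crypto API as an added example (not code from this page or from Vaulted). The function names `getCrypto`, `generateRecipientKeys`, `seal`, `unseal` and `demo`, the sample payload, and the choice of RSA-OAEP with a 2048-bit modulus are assumptions made for illustration.

```javascript
// Added example: RSA-OAEP wraps a one-time AES-256-GCM key; AES-GCM encrypts the payload.
async function getCrypto() {
  // Browsers and recent Node.js expose globalThis.crypto; older Node.js needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Recipient: generate the key pair once. Only publicKey is ever handed out.
async function generateRecipientKeys() {
  const { subtle } = await getCrypto();
  return subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: 2048, // assumed parameters
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false, // the private key cannot be exported from the key store
    ['wrapKey', 'unwrapKey']);
}

// Sender: the slow asymmetric step touches only the 32-byte AES key, never the payload.
async function seal(publicKey, plaintext) {
  const c = await getCrypto();
  const aesKey = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // 96-bit nonce, fresh per message
  const ciphertext = await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, aesKey, new TextEncoder().encode(plaintext));
  const wrappedKey = await c.subtle.wrapKey('raw', aesKey, publicKey, { name: 'RSA-OAEP' });
  return { wrappedKey, iv, ciphertext };
}

// Recipient: recover the AES key with the private key, then decrypt and authenticate.
async function unseal(privateKey, { wrappedKey, iv, ciphertext }) {
  const { subtle } = await getCrypto();
  const aesKey = await subtle.unwrapKey('raw', wrappedKey, privateKey, { name: 'RSA-OAEP' },
    { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
  const plain = await subtle.decrypt({ name: 'AES-GCM', iv }, aesKey, ciphertext);
  return new TextDecoder().decode(plain);
}

// Round trip on a constructed payload, plus a one-bit tamper that GCM must reject.
async function demo() {
  const { publicKey, privateKey } = await generateRecipientKeys();
  const sealed = await seal(publicKey, 'constructed sample payload');
  const recovered = await unseal(privateKey, sealed);
  const tampered = { ...sealed, ciphertext: sealed.ciphertext.slice(0) };
  new Uint8Array(tampered.ciphertext)[0] ^= 1;
  const tamperRejected = await unseal(privateKey, tampered).then(() => false, () => true);
  return { recovered, wrappedKeyBytes: sealed.wrappedKey.byteLength, tamperRejected };
}
```

The wrapped key is the size of the RSA modulus regardless of payload length, which is why the asymmetric cost stays constant while the symmetric cipher handles the bulk data.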

How Vaulted uses Asymmetric Encryption

Vaulted uses symmetric encryption (AES-256-GCM) rather than asymmetric encryption, because the link-sharing model eliminates the key distribution problem that asymmetric cryptography exists to solve. The encryption key is embedded in the URL fragment and delivered alongside the link itself, so there is no need for a public/private key pair or a key exchange protocol. This keeps the cryptographic implementation simple and fast, requiring only the Web Crypto API's symmetric primitives.