Cryptography Crash Course: AES, RSA & Post-Quantum Primitives
Date: 2025-10-27
Cryptography is the unglamorous part of the internet that quietly keeps it from falling apart. Every login, message, and payment depends on it. Most people never see it, but it’s what separates private communication from chaos.
This piece breaks down how it actually works. We’ll look at AES encryption, the backbone of modern encryption; RSA encryption, the old guard of public-key systems; and the post-quantum cryptography that is starting to replace them.
Key Takeaways
- AES is what most systems use to keep data safe and fast.
- RSA and X25519 handle key exchange and signatures, but they won’t hold up forever.
- New post-quantum algorithms like Kyber and Dilithium are already stepping in to replace them.
- Encryption usually fails because someone set it up wrong, not because the math broke.
- Use solid libraries, rotate your keys, and keep things flexible for whatever comes next.
Cryptography 101: Fast Foundations
Cryptography protects data through a mix of building blocks that work together. Symmetric encryption, like AES, uses the same key to lock and unlock data. It’s simple, and it’s what most systems use once a connection is secure.
Asymmetric encryption, like RSA or X25519, works a bit differently. One public key to share, one private key to protect. That setup makes things like digital signatures and secure key exchange possible.
- Authenticated encryption with associated data (AEAD) algorithms like AES-GCM handle both encryption and data integrity at the same time.
- Key derivation functions (KDFs) like HKDF take a shared secret and turn it into fresh, session-specific keys so you’re not reusing the same one forever.
- Message authentication codes (MACs) and hash-based message authentication codes (HMACs) check that your data wasn’t tampered with, though AEAD ciphers already cover that part.
In real systems like transport layer security (TLS), all these pieces line up in a chain. Two computers trade public keys (X25519 or Kyber), generate a shared secret, run it through HKDF to make new session keys, and then use AES-GCM to encrypt everything that follows.
You never see any of it, but that’s the quiet machinery keeping your data safe while you browse, bank, or message online.
Symmetric Encryption: AES
The Advanced Encryption Standard (AES) is the standard way we keep data secret today. It scrambles information in 128-bit chunks using keys of 128, 192, or 256 bits, running it through several rounds of math that turn plaintext into something unreadable without the right key.
If you’re using AES, go with AES-GCM. It’s fast, widely supported, and handles both encryption and integrity checks in one go. Just remember that every message encrypted under a given key needs its own unique 96-bit nonce. Reuse one and you’ve basically handed your data to an attacker.
If managing nonces sounds messy, AES-SIV is safer, though it’s a bit slower. For encrypting entire drives, stick to AES-XTS. It’s built for that.
If you want your encryption to hold up in the future, use AES-256. Quantum computers could one day weaken shorter keys, but 256-bit keys still give you plenty of breathing room.
Asymmetric Encryption: RSA
The RSA algorithm is the old reliable of public-key cryptography. It uses a pair of keys: one public for sharing and one private for keeping secret. You encrypt or verify with the public key and decrypt or sign with the private key. It’s slower than AES, so it’s usually just used to protect small bits of data like session keys or digital signatures rather than entire files.
RSA’s security depends on how hard it is to factor huge numbers. Quantum computers running Shor’s algorithm could someday make that easy, which is why RSA is being phased out in favor of lattice-based systems like Kyber. Until then, it’s still fine for most use cases if you use modern padding (OAEP for encryption, PSS for signatures) and keys of at least 3072 bits.
To the surprise of no one, the biggest mistakes people make with RSA are human, not mathematical. Using outdated padding schemes, reusing keys across environments, or leaving private keys unprotected are all easy ways to blow a hole in your security.
Key Exchange & Padding Oracles
Key exchange is how two sides agree on a shared secret without sending it outright. Diffie-Hellman and its modern version, X25519, are the go-to methods. Each side creates a private key, swaps public keys, and uses math to end up with the same secret.
RSA key transport does it differently. The sender just encrypts a random session key with the receiver’s public key. Either way, the result is the same: both sides now share a key, and they use something fast like AES-GCM to encrypt everything else.
Padding oracles are what happen when older encryption modes leak clues through error messages. With padding schemes like PKCS#7, a small difference in the padding can make the software respond differently, and attackers can use those differences to slowly piece together the plaintext.
Modern AEAD ciphers like AES-GCM and AES-SIV fix this by combining encryption and authentication. If something’s wrong, they simply reject the message without saying why. The same idea applies to authenticated key exchanges. Just “pass” or “fail.”
Core Cryptography Algorithms at a Glance
| Algorithm / Concept | Type | Key Size | Speed / Performance | Primary Use | Quantum Resistance |
| --- | --- | --- | --- | --- | --- |
| AES-128 / 192 / 256 (GCM, SIV, XTS) | Symmetric | 128–256 bits | Very fast (hardware-accelerated) | Bulk data encryption | ✅ Strong (especially 256-bit) |
| RSA-2048 / 3072 / 4096 | Asymmetric | 2048–4096 bits | Slow (esp. for large data) | Key exchange, digital signatures | ❌ Vulnerable to Shor’s algorithm |
| X25519 (Elliptic Curve Diffie-Hellman) | Asymmetric (ECC) | ~256 bits | Fast and efficient | Secure key exchange | ❌ Not quantum-safe |
| Kyber (ML-KEM) | Post-Quantum (Lattice-based) | ~256–512 bits equivalent | Comparable to RSA-3072 | Key encapsulation (exchange) | ✅ Quantum-safe |
| Dilithium (ML-DSA) | Post-Quantum (Lattice-based) | Variable (depends on mode) | Moderate | Digital signatures | ✅ Quantum-safe |
| HKDF (Key Derivation Function) | KDF | N/A | Fast | Deriving session keys | ✅ Safe if inputs are secure |
| HMAC / MAC (SHA-256) | Authentication | 256 bits | Very fast | Data integrity | ✅ Safe |
| AES-GCM + HKDF + X25519 / Kyber (Hybrid) | Real-world combo | — | Balanced | TLS, messaging, storage encryption | ✅ Quantum-resistant (hybrid) |
Hands-On Practice
This short walkthrough shows how to encrypt and protect a file end to end without getting lost in theory.
Encrypt with AES-256-GCM
First, make a random 256-bit AES key. Use it to encrypt your file with AES-GCM, which handles both encryption and integrity checks. Add a bit of context as associated data (AAD), like a username or file version, so it’s verified but not encrypted.
Protect the AES key
Now protect that AES key so others can decrypt it later. You can:
- Use RSA-OAEP to wrap it with someone’s public key.
- Or go hybrid and combine X25519 (classical) and Kyber (post-quantum) secrets, then mix them together with HKDF to get a new wrapping key.
Package the result
Put everything into one neat bundle: {algorithm info, nonce, aad, ciphertext, tag, wrapped key(s)}. That way, whoever receives it knows exactly how to unwrap and verify it.
Decrypt and verify
The recipient unwraps the AES key using their private key, decrypts with AES-GCM using the same nonce and AAD, and checks the tag. If anything’s off, decryption fails outright with a single generic error instead of leaking clues.
Rotate keys periodically
Don’t keep the same keys forever. Re-encrypt data on a schedule or when users change. Fresh keys and nonces are cheap insurance against mistakes.
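The first four steps of the walkthrough as an added Go example (not code from the article), using only the standard library: Seal does the AES-256-GCM encryption with AAD, wraps the data key with RSA-OAEP and returns the bundle; Open reverses it and reports every failure as the same generic error. Bundle, Seal, Open and the "data-key-v1" OAEP label are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Bundle is the walkthrough's package: all the recipient needs, nothing secret.
type Bundle struct {
	Alg        string // algorithm info, e.g. "AES-256-GCM+RSA-OAEP-SHA256"
	Nonce      []byte // 96-bit, never reused under the same data key
	AAD        []byte // authenticated but not encrypted, e.g. "user=alice;v=3"
	Ciphertext []byte // Go's GCM appends the 16-byte tag to this slice
	WrappedKey []byte // 256-bit data key encrypted with the recipient's RSA key
}

// Seal draws a fresh 256-bit data key, encrypts plaintext with AES-GCM binding
// aad, then wraps the data key with RSA-OAEP (SHA-256, label "data-key-v1") for pub.
func Seal(pub *rsa.PublicKey, plaintext, aad []byte) (*Bundle, error) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	if _, err := rand.Read(key); err != nil { return nil, err }
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte("data-key-v1"))
	if err != nil { return nil, err }
	return &Bundle{"AES-256-GCM+RSA-OAEP-SHA256", nonce, aad, gcm.Seal(nil, nonce, plaintext, aad), wrapped}, nil
}

// Open unwraps the data key and returns plaintext only after the GCM tag verifies.
// Every failure collapses to one generic error: no hint of which step rejected it.
func Open(priv *rsa.PrivateKey, b *Bundle) ([]byte, error) {
	fail := errors.New("decryption failed")
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, b.WrappedKey, []byte("data-key-v1"))
	if err != nil { return nil, fail }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, fail }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, fail }
	pt, err := gcm.Open(nil, b.Nonce, b.Ciphertext, b.AAD)
	if err != nil { return nil, fail }
	return pt, nil
}
```

Change a byte of Ciphertext or the AAD before calling Open and all you get back is "decryption failed"; rotating is simply calling Seal again, which draws a new data key and nonce.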
Practical Implementation Tips: What Professionals Actually Do
Good encryption in the real world is more about habits than fancy math. Here’s how pros usually handle it:
- Key management: Use a proper key manager, like a KMS or HSM, so you’re not juggling raw keys in code. Rotate them on a schedule, use envelope encryption (one key protecting another), and give each tenant or app its own key.
- Crypto agility: Don’t hardcode algorithms. Keep them in configs so you can swap them out later if standards change. When using HKDF, tag your key versions (like hybrid-v1) so you know what’s what when you upgrade.
- Side-channel safety: Pick libraries that already protect against timing attacks, but still play it safe. Use constant-time comparisons, blinding where it matters, and clear sensitive data from memory when you’re done.
- Future-proof picks: Stick with AES-256-GCM or AES-SIV for encryption, X25519 plus ML-KEM for key exchange, and ML-DSA for signatures once it’s stable. These are solid choices that won’t feel outdated in a few years.
The Bottom Line
AES keeps your data safe, RSA and Diffie-Hellman help share secrets, and newer post-quantum tools like Kyber and Dilithium are making sure that still holds true in the future. The math is solid, but it’s the implementation details that usually break things.
Use trusted libraries, rotate keys regularly, and never cut corners with nonce handling or error messages. Keep your setup flexible so you can swap algorithms as standards change.
FAQs
What’s the difference between symmetric and asymmetric encryption in practice?
Symmetric encryption uses one shared key for both locking and unlocking data. It’s fast and good for large files. Asymmetric encryption uses a public key to encrypt and a private one to decrypt, which makes it slower but perfect for key exchange or verifying who’s who.
Why are quantum computers a threat to RSA and ECC encryption?
Quantum computers can run Shor’s algorithm, which can easily break the math behind RSA and ECC once they’re powerful enough. That means any data encrypted with those systems could eventually be cracked.
How can developers start experimenting with post-quantum algorithms using OpenSSL encryption?
Grab an OpenSSL version that includes the Open Quantum Safe (OQS) plugin. From there, you can try out algorithms like Kyber and Dilithium using the same OpenSSL commands you already know, or play around with them in code using liboqs or pyoqs.
