Hybrid RSA + AES

Use RSA for keys and AES for bulk data so you get the best of both worlds.

Difficulty: Advanced

How it works

  1. Pure public-key encryption like RSA is slow and limited in how much data it can handle directly. Symmetric ciphers like AES are fast but require a shared secret key.
  2. In a hybrid scheme, the sender generates a random symmetric key (for example for AES-GCM) and encrypts the actual message with that symmetric key.
  3. The symmetric key itself is then encrypted with the recipient’s RSA public key and sent along with the ciphertext.
  4. The recipient uses their RSA private key to recover the symmetric key and then decrypts the bulk ciphertext with AES.
  5. Understanding this pattern helps you see what happens under the hood in protocols like PGP, TLS and secure messaging apps.

Keys are generated automatically for this demonstration.

What is it?

Hybrid encryption solves the fundamental limitations of both symmetric and asymmetric cryptography by combining them. Asymmetric algorithms (like RSA) are brilliant for securely exchanging keys over public networks, but they are incredibly slow and cannot encrypt large amounts of data. Symmetric algorithms (like AES) are blazingly fast but require both parties to already possess a shared secret. A hybrid system uses RSA to securely transmit a temporary, randomly generated AES key. Once both parties have this AES key, they use it to encrypt the actual bulk data.
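The steps under "How it works", as an added example that is not this page's own code. It assumes Node.js's built-in crypto module, RSA-OAEP with SHA-256 for wrapping the key, and a throwaway 2048-bit key pair; the function names are illustrative.

```javascript
// Added example (not the page's own code). Uses only Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// Assumption: RSA-OAEP with SHA-256 is used to wrap the AES key.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender (steps 2 and 3): fresh AES-256-GCM key per message, then wrap it with RSA.
function hybridEncrypt(recipientPublicKey, plaintext) {
  const aesKey = nodeCrypto.randomBytes(32); // 256-bit one-time key
  const iv = nodeCrypto.randomBytes(12);     // 96-bit GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();           // integrity tag over the ciphertext
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient (step 4): unwrap the AES key with the RSA private key, then decrypt.
function hybridDecrypt(recipientPrivateKey, env) {
  const aesKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]); // throws on bad tag
}

// Step 1's size limit: RSA alone refuses input larger than the modulus allows.
function rsaAloneFails(publicKey, data) {
  try { nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, data); return false; }
  catch { return true; }
}

// A flipped ciphertext bit must make GCM authentication fail.
function rejectsTampering(privateKey, env) {
  const bad = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  bad.ciphertext[0] ^= 0x01;
  try { hybridDecrypt(privateKey, bad); return false; }
  catch { return true; }
}

// Constructed sample input: a 4096-byte payload and a throwaway 2048-bit key pair.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const message = Buffer.alloc(4096, 'constructed sample payload ');
const envelope = hybridEncrypt(publicKey, message);
console.log('RSA alone rejects 4096 bytes:', rsaAloneFails(publicKey, message));
console.log('wrapped key length:', envelope.wrappedKey.length);
console.log('round trip ok:', hybridDecrypt(privateKey, envelope).equals(message));
console.log('tampering rejected:', rejectsTampering(privateKey, envelope));
```

The wrapped key is always one RSA block (256 bytes for a 2048-bit modulus) regardless of message size, and the AES key and nonce are generated fresh for every message.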

Try it yourself

Can you decrypt this challenge?

VHVY GUVF ZRNGL (example ciphertext)

Where this shows up today

Hybrid encryption is used to achieve the convenience of public-key distribution alongside the blistering speed of symmetric encryption.