---
title: "Asymmetric Cryptography: AP Cybersecurity Exam Review"
description: "Learn how public and private key pairs work, when to use each key, how key length affects security, and how RSA and ECC apply in AP Cybersecurity."
canonical: "https://fiveable.me/ap-cybersecurity/unit-5/asymmetric-cryptography/study-guide/VwtcdE1OgUXoQu0fiDG2"
type: "study-guide"
subject: "AP Cybersecurity"
unit: "Unit 5 – Securing Applications and Data"
lastUpdated: "2026-06-18"
---

# Asymmetric Cryptography: AP Cybersecurity Exam Review

## TLDR

Asymmetric cryptography uses a key pair, one public and one private, that work as mathematical inverses so people can communicate securely without sharing a secret key first. To send someone encrypted data, you use their [public key](/ap-cybersecurity/key-terms/public-key), and only their matching [private key](/ap-cybersecurity/key-terms/private-key) can decrypt it. Longer keys mean larger keyspaces and stronger security, but key lengths can only be compared fairly within the same algorithm.

## Why This Matters for the AP Cybersecurity Exam

This topic builds the core decision-making skill of picking the right key for the right job. You should be able to determine which key encrypts and which key decrypts in a given scenario, explain why a longer key is harder to crack, and apply asymmetric tools like OpenSSL to encrypt or decrypt a file. Expect questions that put you in a real situation (someone sending a confidential file) and ask you to reason through which key to use and why the [private key](/ap-cybersecurity/key-terms/private-key "fv-autolink") must stay protected. The math of [keyspace](/ap-cybersecurity/key-terms/keyspace "fv-autolink") and brute force shows up when you explain why key length affects security.

## Key Takeaways

- Each receiver generates a key pair of equal-length binary strings; one becomes the [public key](/ap-cybersecurity/key-terms/public-key "fv-autolink") and one becomes the private key, and they reverse each other.
- To send secure data, encrypt with the recipient's public key so only their private key can decrypt it.
- The private key must be stored securely; if it is exposed, stolen, corrupted, or shared, delete the pair and generate a new one.
- An n-bit key has a keyspace of 2^n, and random guessing finds the key in about 2^(n-1) guesses on average.
- Key-length comparisons only make sense within the same algorithm (AES vs AES, [RSA](/ap-cybersecurity/key-terms/rsa) vs RSA), not across different algorithms.
- RSA and [ECC](/ap-cybersecurity/key-terms/ecc) are common asymmetric algorithms used for [encryption](/ap-cybersecurity/key-terms/encryption "fv-autolink"), digital signatures, and digital certificates.

## How Asymmetric Encryption Works

[Symmetric encryption](/ap-cybersecurity/key-terms/symmetric-encryption "fv-autolink") has one big weakness: both people need the same secret key, and they have to share it without anyone else getting it. Asymmetric cryptography solves that. Instead of one shared key, each person gets a pair of keys that work as mathematical opposites. This is the system that lets you safely send your card info to a website you have never visited, and it is the backbone of secure communication on the internet.

[Asymmetric encryption](/ap-cybersecurity/key-terms/asymmetric-encryption) lets two people communicate securely without agreeing on a shared secret ahead of time. With symmetric encryption, you and your friend both need the same key, which means you have to find a safe way to exchange it first. [Asymmetric encryption](/ap-cybersecurity/key-terms/asymmetric-encryption "fv-autolink") skips that step.

Anyone who wants to receive encrypted messages first generates a key pair. A key pair is two binary strings of equal length, created together through a mathematical process. One key gets labeled the public key and the other becomes the private key.

These keys are mathematical inverses of each other. Whatever one key encrypts, only the other key in the pair can decrypt. Either key can do the encrypting, but its partner is the only thing that can undo it. A key cannot decrypt something it encrypted itself.

### Public vs. Private Keys

The names tell you how to handle each key:

- The public key is meant to be shared. You can post it on your website, email it around, or publish it in a directory. Anyone who wants to send you a secure message needs it.
- The private key must stay secret. Store it somewhere safe, like an encrypted file, a hardware security module, or a [password manager](/ap-cybersecurity/key-terms/password-manager "fv-autolink"). The entire security of the system depends on this key staying private.

If your private key ever gets exposed, stolen, corrupted, or shared (even by accident), the whole key pair is burned. You have to delete it and generate a new one. There is no recovering from a leaked private key, because anyone who has it can decrypt every message that was sent to you.

## Choosing the Right Key

This is where students often get tripped up. Which key do you use, and when? The rule is simple once you see the pattern:

To send an encrypted message to someone, use their public key. Only they have the matching private key, so only they can decrypt it.

Here is an example. Say you want to send a confidential file to your friend Maya.

1. Maya generates a key pair. She keeps her private key locked down on her laptop and publishes her public key online.
2. You download Maya's public key.
3. You encrypt the file using Maya's public key.
4. You send the encrypted file to Maya, even over an unsecured channel like regular email.
5. Maya decrypts it using her private key.

Even if an attacker intercepts the encrypted file, they cannot read it. They do not have Maya's private key, and her public key (the only thing they have) cannot undo its own encryption.

Flip the scenario: if Maya wants to send something back to you, she uses your public key, and you decrypt with your private key. Each person needs their own key pair.

### Quick Reference

| Action | Key to use |
|---|---|
| Encrypting a message to send to someone | Recipient's public key |
| Decrypting a message you received | Your own private key |
| Sharing so others can send you secure data | Your public key |
| Storing securely and never sharing | Your private key |

## Why Key Length Matters

The security of encryption depends heavily on how long the key is. Longer keys are harder to crack, but they also take longer to use. There is a tradeoff.

### Keyspace and Brute Force

A [keyspace](/ap-cybersecurity/key-terms/keyspace) is the total number of possible keys for a given key length. For binary keys, an *n*-bit key has a keyspace of $$2^n$$.

So a 4-bit key has $$2^4 = 16$$ possible values. A 128-bit key has $$2^{128}$$ possible values, which is a number with 39 digits. A 2048-bit RSA key has a keyspace so enormous it is hard to picture.

If an attacker tries to brute-force a key by guessing randomly, on average they will find it after checking about half the keyspace. That is $$2^n / 2$$ or $$2^{n-1}$$ guesses. Even with a fast computer, this becomes computationally infeasible for large keys.

### The Tradeoff

Longer keys are not free. They take more processing power to generate, encrypt with, and decrypt with. On a phone or low-power device, using a giant key can slow things down. That is why you pick a key length that is secure enough for your needs without being overkill.

### Keys Get Longer Over Time

Computers keep getting faster, and software can guess keys faster as processing power and efficiency improve. What was considered uncrackable years ago can be broken much more quickly today. Because of this, recommended key lengths keep going up for both symmetric and asymmetric algorithms.

### Comparing Key Lengths Fairly

Here is an important catch: you can only directly compare key lengths within the same algorithm. For example:

- An AES 256-bit key is more secure than an AES 128-bit key. (Valid comparison.)
- An RSA 4096-bit key is more secure than an RSA 2048-bit key. (Valid comparison.)
- An RSA key and an AES key cannot be directly compared to decide which is more secure. (Not a valid comparison.)

Different algorithms use their key bits differently, so comparing bit lengths across algorithms gives you the wrong answer. Stick to comparing keys within the same algorithm.

## Common Asymmetric Algorithms

Two algorithms come up most often:

- **RSA** (Rivest, Shamir, Adleman): A classic asymmetric algorithm. Common key sizes are 2048 and 4096 bits.
- **[Elliptic Curve Cryptography](/ap-cybersecurity/key-terms/elliptic-curve-cryptography) (ECC)**: An approach that uses the math of elliptic curves.

Asymmetric algorithms are used for more than sending secret messages. They also power [digital signatures](/ap-cybersecurity/key-terms/digital-signature) (proving a message really came from a specific sender) and digital certificates (part of what makes secure web connections work in your browser).

## Using Asymmetric Encryption in Practice

You can encrypt and decrypt with asymmetric algorithms using command-line tools, specialized software like RSA Encryption Tool, or web-based tools. A common command-line tool is OpenSSL.

### Generating an RSA Key Pair

To create a 2048-bit RSA key pair and save it to a file called `rsa.pem`:

```
openssl genrsa -out rsa.pem 2048
```

The `rsa.pem` file contains the private key material. Treat this file like a password. If someone gets it, they have your private key.

### Extracting the Public Key

You do not want to hand out the file that contains your private key. You need to pull just the public key into its own file. To extract the public key from `rsa.pem` and save it to `public.pem`:

```
openssl rsa -pubout -in rsa.pem -outform PEM -out public.pem
```

Now `public.pem` is safe to share with anyone. They will use it to encrypt messages for you.

### Encrypting a File

Say someone wants to send you a file called `test`. They use your `public.pem` to encrypt it:

```
openssl pkeyutl -encrypt -pubin -inkey public.pem -in test -out test.enc
```

The `-pubin` flag tells OpenSSL that the input key is a public key. The encrypted output gets saved as `test.enc`. They send `test.enc` to you over any channel they want, even an insecure one.

### Decrypting a File

When you receive `test.enc`, you decrypt it with your private key file:

```
openssl pkeyutl -decrypt -inkey rsa.pem -in test.enc -out test
```

This reverses the encryption and gives you back the original `test` file. Notice you used `rsa.pem` (which contains your private key) for [decryption](/ap-cybersecurity/key-terms/decryption "fv-autolink"), not `public.pem`.

### Putting It All Together

A full workflow for receiving a secure file looks like this:

1. Generate your key pair with `openssl genrsa`.
2. Extract your public key with `openssl rsa -pubout`.
3. Share `public.pem` with the sender. Keep `rsa.pem` locked away.
4. The sender encrypts the file with your public key using `openssl pkeyutl -encrypt`.
5. They send you the encrypted file.
6. You decrypt it with your private key using `openssl pkeyutl -decrypt`.

The point of this system is that steps 3 and 5 can happen in the open. The public key being public is the whole idea. As long as your private key stays private, the messages stay safe.
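
The workflow above, run end to end as an added example (not part of the original guide). Beyond the six steps, it also checks that `public.pem` alone cannot decrypt, that `rsa.pem` is unreadable by other users, and that the page's `pkeyutl -encrypt` command rejects input larger than the key allows. The scratch directory, function names, and message text are assumptions made for this example.

```bash
#!/bin/sh
# Added example: the page's OpenSSL workflow in a scratch directory.
# File names follow the page; function names and sample data are constructed.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Steps 1-3: generate the pair, then split out the shareable public half.
# umask 077 keeps rsa.pem unreadable by group/other from the moment it exists.
make_keys() {
    ( umask 077 && openssl genrsa -out "$workdir/rsa.pem" 2048 ) 2>/dev/null &&
    openssl rsa -pubout -in "$workdir/rsa.pem" -outform PEM \
        -out "$workdir/public.pem" 2>/dev/null
}

# Step 4 (sender): encrypt file $1 into $2 with the recipient's public key.
encrypt_for_owner() {
    openssl pkeyutl -encrypt -pubin -inkey "$workdir/public.pem" \
        -in "$1" -out "$2" 2>/dev/null
}

# Step 6 (recipient): decrypt file $1 into $2 with the private key file.
decrypt_as_owner() {
    openssl pkeyutl -decrypt -inkey "$workdir/rsa.pem" \
        -in "$1" -out "$2" 2>/dev/null
}

# Check 1: the ciphertext decrypts back to the exact original bytes.
roundtrip_ok() {
    printf 'constructed sample: meet at 4pm\n' > "$workdir/test"
    encrypt_for_owner "$workdir/test" "$workdir/test.enc" &&
    decrypt_as_owner "$workdir/test.enc" "$workdir/test.out" &&
    cmp -s "$workdir/test" "$workdir/test.out"
}

# Check 2: someone holding only public.pem cannot decrypt test.enc.
public_key_cannot_decrypt() {
    ! openssl pkeyutl -decrypt -pubin -inkey "$workdir/public.pem" \
        -in "$workdir/test.enc" -out "$workdir/leak" 2>/dev/null
}

# Check 3: with a 2048-bit key and pkeyutl's default PKCS#1 v1.5 padding,
# 245 bytes is the largest accepted input (256-byte modulus minus 11).
size_limit_enforced() {
    printf '%0245d' 0 > "$workdir/fits"
    printf '%0246d' 0 > "$workdir/too_big"
    encrypt_for_owner "$workdir/fits" "$workdir/fits.enc" &&
    ! encrypt_for_owner "$workdir/too_big" "$workdir/too_big.enc"
}

# Check 4: rsa.pem grants no permissions to group or other.
private_key_locked_down() {
    [ "$(ls -l "$workdir/rsa.pem" | cut -c5-10)" = "------" ]
}

make_keys || { echo "openssl key generation failed" >&2; exit 1; }
for check in roundtrip_ok public_key_cannot_decrypt size_limit_enforced \
             private_key_locked_down; do
    if "$check"; then echo "PASS $check"; else echo "FAIL $check"; fi
done
```

The 245-byte ceiling applies to the `pkeyutl -encrypt` command exactly as the page writes it, so that command suits short messages rather than large files.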

## How to Use This on the AP Cybersecurity Exam

### Choosing the Right Key

When a question describes a sender and a receiver, slow down and identify who is doing what. To encrypt data for someone, use that person's public key. To decrypt data you received, use your own private key. The most common mistake is reaching for the wrong key in a scenario, so trace it step by step.

### Explaining Key Length

If you are asked why a longer key is more secure, connect it to keyspace. An n-bit key has 2^n possible values, and brute-force guessing takes about 2^(n-1) tries on average. Mention the tradeoff: longer keys are stronger but slower, and recommended lengths rise over time as computers get faster.

### Comparing Algorithms

Watch for traps that compare an RSA key length to an AES key length. Those are not directly comparable. Only compare key lengths within the same algorithm.

### Applying the Tools

Be ready to read or order OpenSSL commands. Know that `genrsa` makes the key pair, `rsa -pubout` extracts the public key, `pkeyutl -encrypt -pubin` encrypts with a public key, and `pkeyutl -decrypt` decrypts with the private key.

## Common Misconceptions

- **"The same key encrypts and decrypts."** That is symmetric encryption. In asymmetric encryption, one key encrypts and only its partner can decrypt.
- **"You encrypt with your own public key to send a message."** You encrypt with the recipient's public key, not your own, so only the recipient can decrypt it.
- **"A longer RSA key is automatically more secure than a shorter AES key."** Key lengths are only comparable within the same algorithm. RSA and AES bit lengths cannot be directly compared.
- **"If my private key leaks, I can just keep using it carefully."** A leaked, stolen, or corrupted private key means the entire key pair must be deleted and regenerated.
- **"Sharing my public key is risky."** The public key is meant to be published. The public key cannot decrypt what it encrypted, so sharing it does not expose your messages.
- **"Longer keys are always the best choice."** Longer keys cost more processing time, so the right length balances security needs with performance.

## Vocabulary

- **OpenSSL**: A command-line tool used to perform asymmetric encryption and decryption operations, as well as generate and manage cryptographic keys.
- **RSA**: A common asymmetric encryption algorithm based on the mathematical difficulty of factoring large numbers that are the product of two prime numbers, widely used for secure data transmission.
- **asymmetric encryption**: A cryptographic method that uses a pair of keys (public and private) to encrypt and decrypt data, where the public key encrypts and the private key decrypts.
- **brute force attacks**: An attack method where an adversary attempts to guess an encryption key by trying many possible combinations until finding the correct one.
- **cryptographic algorithm**: A mathematical process that defines how to encrypt and decrypt information using a key.
- **decrypt**: The process of converting ciphertext back into plaintext using the appropriate cryptographic key.
- **digital certificates**: Electronic documents that use asymmetric encryption to verify the identity of individuals, organizations, or devices in digital communications.
- **digital signatures**: A cryptographic technique using asymmetric encryption to verify the authenticity and integrity of digital messages or documents.
- **elliptic curve cryptography (ECC)**: An asymmetric encryption algorithm that uses elliptic curve mathematics to provide security with smaller key sizes compared to RSA.
- **encrypt**: The process of converting plaintext data into ciphertext using a cryptographic key so that it cannot be read without decryption.
- **encryption key**: A string of bits used in a cryptographic algorithm to encrypt and decrypt data.
- **key length**: The size of an encryption key measured in bits, which directly determines the size of the keyspace and impacts the security of encrypted data.
- **key pair**: A set of two related cryptographic keys consisting of a public key and a private key used in asymmetric encryption.
- **keyspace**: The total number of possible keys that can be used in an encryption algorithm; a larger keyspace increases security by making brute-force attacks more difficult.
- **mathematical inverses**: In asymmetric cryptography, the relationship between public and private keys where each key reverses the encryption performed by the other key.
- **private key**: The secret key in an asymmetric encryption system that is kept confidential and used to decrypt data or create digital signatures.
- **public key**: The key in an asymmetric encryption system that is shared publicly and used to encrypt data or verify digital signatures.
- **symmetric encryption**: A cryptographic method that uses the same key to both encrypt and decrypt information.

## FAQs

### Which key do you use to encrypt a message in asymmetric cryptography?

To send someone an encrypted message, you use the recipient's public key to encrypt the data. Only the recipient's matching private key can decrypt it, so even if the encrypted message is intercepted, no one else can read it.

### What happens if your private key is compromised in asymmetric encryption?

If a private key is exposed, stolen, corrupted, or shared, the entire key pair must be deleted and a new one generated. The security of asymmetric encryption depends entirely on the private key staying secret, so there is no safe way to continue using a compromised pair.

### Why does a longer key make encryption more secure?

A longer key creates a larger keyspace (an n-bit key has 2^n possible values), so an attacker attempting to brute-force the key needs roughly 2^(n-1) guesses on average. However, longer keys also require more processing time to encrypt and decrypt, so there is a tradeoff between security and performance.

### Can you compare an RSA key length to an AES key length to determine which is more secure?

No. Key-length comparisons are only valid within the same cryptographic algorithm. An RSA 4096-bit key can be compared to an RSA 2048-bit key, but RSA and AES key lengths cannot be directly compared to each other because the two algorithms use their key bits differently.

### What are RSA and ECC used for in AP Cybersecurity?

RSA and elliptic curve cryptography (ECC) are common asymmetric encryption algorithms used to encrypt and decrypt data. They are also applied in digital signatures and digital certificates, which are foundational to secure communication on the internet.

