Encryption Explained: Symmetric, Asymmetric, HTTPS, Hashes, and SM2/SM4 Standards
This article introduces the fundamentals of encryption, compares symmetric (AES) and asymmetric (SM2) algorithms, clarifies the role of HTTPS as a protocol suite, distinguishes hash functions from encryption, and walks through a national‑standard mutual authentication flow using SM2 and SM4.
Encryption converts clear‑text data into ciphertext through mathematical algorithms, ensuring that only holders of the correct decryption key can access the original information.
1. Basic Concepts
The most common encryption methods are symmetric encryption and asymmetric encryption.
2. Symmetric Encryption
Symmetric encryption (also called shared‑key or private‑key encryption) uses the same key for both encryption and decryption. It is inexpensive to generate and requires little computational power, resulting in low latency. Its drawback is that anyone who obtains the key can decrypt the data, so the key exchange itself must be protected.
The author frequently works with AES (Advanced Encryption Standard), which is the typical symmetric algorithm used in interfaces at companies such as eLong and Shenzhou.
Example code:
Execution result:
3. Asymmetric Encryption
Asymmetric encryption (public‑key encryption) uses a pair of keys: a public key for encryption and a private key for decryption. Anyone can encrypt with the public key, but only the holder of the private key can decrypt.
Because key sizes range from 1,024 to 2,048 bits, asymmetric encryption is computationally expensive and unsuitable for large data blocks.
The SM2 algorithm, released by China’s National Cryptography Administration in December 2010, is a domestically designed public‑key scheme based on elliptic‑curve cryptography (ECC) and offers higher security.
SM2 encryption example:
Execution result:
4. What HTTPS Actually Is
HTTPS is not a single encryption algorithm; it is a “combo‑punch” that assembles several components into a secure communication channel.
If encryption algorithms are viewed as individual parts (screws, gears), HTTPS is the fully assembled precision machine (a car).
HTTPS workflow:
Step 1 – The client (browser) establishes a TCP connection with the server.
Step 2 – The client sends a Client Hello containing supported cipher suites and TLS version; the server replies with a Server Hello and its SSL certificate, which includes the public key, hostname, and validity period.
Step 3 – After verifying the certificate, the client generates a session key and encrypts it with the server’s public key; the server decrypts it with its private key.
Step 4 – Both sides now share the same session key (symmetric encryption) and can exchange data securely.
5. Are Hash Algorithms Encryption?
The author has studied API authentication mechanisms in Alibaba Cloud and Tencent Cloud, which often rely on HMAC‑SHA256. There the signature is a fingerprint computed over a canonicalized form of the request (method, path, sorted parameters, headers, body), not ciphertext of the request.
SHA‑256 is a one‑way hash algorithm, not a reversible encryption algorithm. The key difference is reversibility:
Encryption algorithms (e.g., AES, RSA) aim to hide information and are reversible; ciphertext can be decrypted back to the original data.
Hash algorithms (e.g., SHA‑256) aim to extract a fixed‑length fingerprint and are irreversible; the original input cannot be reconstructed from the hash.
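The signing pattern described above, as an added example that is not code from the article or from either cloud vendor: a simplified canonicalize-then-HMAC-SHA256 scheme shown from the client side (sign) and the gateway side (recompute and compare), with a tampered request failing verification. The canonical layout, header names and sample values are assumptions constructed for the demonstration.

```python
# Added example (not from the original article): simplified request canonicalization
# plus HMAC-SHA256 signing/verification. Layout and names are assumed, not any
# vendor's exact specification.
import hashlib
import hmac
from urllib.parse import quote


def canonicalize(method, path, query, headers, body):
    """Deterministic string both sides must build identically: sorted query,
    lower-cased sorted headers, and a SHA-256 fingerprint of the body."""
    qs = "&".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                  for k, v in sorted(query.items()))
    hdrs = "\n".join(f"{k.lower()}:{v.strip()}"
                     for k, v in sorted(headers.items(), key=lambda kv: kv[0].lower()))
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, qs, hdrs, body_hash])


def sign(secret, canonical):
    """Client side: the shared secret never leaves the client; only the tag is sent."""
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def verify(secret, method, path, query, headers, body, presented_tag):
    """Gateway side: recompute the tag from the received request and compare in
    constant time, so the comparison itself leaks nothing about the expected tag."""
    expected = sign(secret, canonicalize(method, path, query, headers, body))
    return hmac.compare_digest(expected, presented_tag)


# Constructed sample secret and request for the demonstration.
SECRET = b"constructed-demo-secret-key"
REQUEST = {
    "method": "POST",
    "path": "/v1/instances",
    "query": {"Region": "cn-beijing", "Action": "StopInstance"},
    "headers": {"Host": "api.example.invalid", "X-Date": "20240101T000000Z"},
    "body": b'{"InstanceId":"i-0001"}',
}


def demo():
    """Returns (genuine request verifies, request with altered body verifies)."""
    tag = sign(SECRET, canonicalize(**REQUEST))
    ok = verify(SECRET, presented_tag=tag, **REQUEST)
    tampered = dict(REQUEST, body=b'{"InstanceId":"i-9999"}')
    still_ok = verify(SECRET, presented_tag=tag, **tampered)
    return ok, still_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Because the tag covers the body hash and every canonicalized field, changing any of them changes the tag, but nothing about the tag lets anyone recover the secret or the request.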
6. National‑Standard Mutual Authentication (SM2/SM4)
The overall process consists of four stages.
Stage 1 – Identity Presentation and Initial Verification
1. Client A sends its SM2 certificate to platform B, encrypting the certificate with B’s SM2 public key.
2. Platform B decrypts the certificate with its SM2 private key and validates the certificate (CA chain, validity, revocation).
Stage 2 – Server‑Side Challenge‑Response
3. Platform B generates a nonce, signs it with its SM2 private key, and sends it to A to prove its identity.
4. Client A verifies the signature using B’s SM2 public key; successful verification confirms B’s authenticity.
Stage 3 – Client Ownership Proof
5. Client A signs specific data with its SM2 private key and returns the signature to B.
6. Platform B verifies the signature with A’s SM2 public key, establishing mutual trust.
Stage 4 – Session Token Distribution
7. After identity confirmation, B issues an access token encrypted with the symmetric algorithm SM4 (the Chinese national symmetric standard).
8. Client A decrypts the token using SM4 and uses the token for all subsequent business communication.
Su San Talks Tech
Su San, former staff at several leading tech companies, is a top creator on Juejin and a premium creator on CSDN, and runs the free coding practice site www.susan.net.cn.