What is the difference between symmetric and asymmetric encryption? [Advanced]
Answer
Symmetric encryption uses the same key to encrypt and decrypt data. Asymmetric encryption uses a public/private key pair, where one key encrypts or verifies and the other decrypts or signs. Symmetric encryption is faster; asymmetric encryption helps with identity, key exchange, and signatures.
Technical explanation
AES is a common symmetric algorithm for bulk data encryption.
RSA and elliptic-curve algorithms are common asymmetric approaches for key exchange, certificates, and digital signatures.
TLS uses asymmetric cryptography to authenticate and negotiate keys, then symmetric cryptography for efficient data transfer.
Hands-on example
Example: an application encrypts a file with a fast symmetric data key. The data key is encrypted with a KMS-managed asymmetric or envelope key. To read the file, the app asks KMS to decrypt the data key, then uses the symmetric key locally.
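The flow above as an added example (not part of the original page), using only Ruby's bundled OpenSSL binding. A locally generated RSA key pair stands in for the KMS-managed key, which is an assumption, and the names `Envelope`, `seal` and `open_envelope` are hypothetical.

```ruby
require 'openssl'

# Added example: envelope encryption with a local RSA key pair standing in for
# the KMS-managed key (an assumption; a real KMS keeps the private key server-side).
Envelope = Struct.new(:wrapped_key, :iv, :tag, :ciphertext)
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt the file with a fresh AES-256-GCM data key, then wrap that key with
# the asymmetric public key. Only the wrapped key is stored with the data.
def seal(kms_public_key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  data_key = cipher.random_key   # 32 random bytes, used for this file only
  iv = cipher.random_iv          # 12-byte GCM nonce
  ciphertext = cipher.update(plaintext) + cipher.final
  wrapped = kms_public_key.public_encrypt(data_key, OAEP)
  Envelope.new(wrapped, iv, cipher.auth_tag, ciphertext)
end

# Unwrap the data key (the "ask KMS to decrypt" step), then decrypt locally.
# Raises OpenSSL::Cipher::CipherError if the ciphertext or tag was modified.
def open_envelope(kms_private_key, env)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = kms_private_key.private_decrypt(env.wrapped_key, OAEP)
  cipher.iv = env.iv
  cipher.auth_tag = env.tag
  cipher.update(env.ciphertext) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  kms_key = OpenSSL::PKey::RSA.new(2048) # constructed stand-in for the KMS key
  env = seal(kms_key.public_key, 'constructed sample file contents')
  puts "wrapped key: #{env.wrapped_key.bytesize} bytes, data: #{env.ciphertext.bytesize} bytes"
  puts open_envelope(kms_key, env)
end
```

The slow RSA operation only ever touches the 32-byte data key, while AES-GCM handles the file itself and also detects modification of the stored ciphertext.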