Confidentiality is achieved through encryption. A plain text is scrambled using a key into an unintelligible cipher text. The process is inverted with decryption where the cipher text is transformed into the original plain text. This procedure is called symmetric encryption because the same key is used for encryption and decryption. The key must be known to both parties ahead of time. For a particular cryptographic algorithm, the longer the key the more secure it will be. The difficulty to transmit the key is the main disadvantage of symmetric encryption.

In asymmetric encryption, a key pair is made up of the public key and the private key. The two keys are related mathematically, but it is not possible to deduce one from the other. The public key can be freely published whereas the private key must be kept a secret by the owner of the key. Indeed, asymmetric encryption offers no protection if the private key is compromised. The public and private keys are inverses of each other. Encrypting with the public key produces a cipher text that can only be decrypted by the private key. This can be done by everyone to ensure the message can only be understood by owner of the private key. Inversely, encrypting with the private key produces a cipher text that can be decrypted by the public key. Since everyone can have the public key, this cipher text is not secret, but it proves that it originated from the owner of the private key.

Public key encryption imposes considerable computational overhead and is not appropriate for securely transmitting large amounts of data. It is more feasible to use public key encryption to send a symmetric key, which can then be used to encrypt additional data. This is the approach used by the SSL protocol.