pg238

Reputation: 1155

Understanding Encryption in Realm

"This makes it so that all of the data stored on disk is transparently encrypted and decrypted with AES-256 as needed, and verified with a SHA-2 HMAC. The same encryption key must be supplied every time you obtain a Realm instance."

I am trying to understand the above statement from the "Encryption" section of the Realm documentation. From my understanding of cryptography, we use a public key to encrypt and a private key to decrypt. Does the above statement mean that we are using the same key for encryption and decryption?

Upvotes: 1

Views: 838

Answers (1)

zaph

Reputation: 112857

There are two major forms of encryption: symmetric, such as AES, and asymmetric, such as RSA. There are major differences, with some generalities and simplifications.

Symmetric encryption is used to encrypt data. There is only one key, and key lengths are generally 128 bits or 256 bits. It is very fast and has no real size limits.

Asymmetric encryption is generally used to encrypt symmetric keys and for signing. There are two keys, one for encryption (the public key) and another for decryption (the private key); the key size is generally 2048 bits or 4096 bits. It is slow, 100 to 1000 times slower than symmetric encryption, and the data size is limited to the key size; both of these make asymmetric encryption a non-starter for data encryption. Asymmetric encryption is generally used when separate encryption and decryption keys are needed, usually by different parties such as client and server (think HTTPS). There is also PKI and secure open distribution of public keys, solving the key distribution problem.

Example: HTTPS uses both asymmetric and symmetric encryption. The data is encrypted with symmetric encryption (e.g. AES) and the symmetric key is encrypted with asymmetric encryption (e.g. RSA).

Asymmetric encryption (e.g. RSA) is no more secure than symmetric encryption (e.g. AES).

In the case of the DB, AES, a symmetric encryption method, is used.

Upvotes: 3
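The single-key behaviour discussed above, as an added example that is not part of the original question or answer and is not Realm's code or on-disk format: data is encrypted with AES-256, authenticated with a SHA-2 HMAC, and can only be opened with the same key that sealed it. The 64-byte key split, CBC mode, SHA-256 and the names `seal`, `unseal`, `tryUnseal` and `demo` are assumptions of this sketch.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: one 64-byte secret, split into an AES-256 key and an HMAC key.
function splitKey(key) {
  if (key.length !== 64) throw new Error('key must be 64 bytes');
  return { encKey: key.subarray(0, 32), macKey: key.subarray(32) };
}

// Encrypt-then-MAC: output is IV (16) || ciphertext || HMAC-SHA256 tag (32).
function seal(key, plaintext) {
  const { encKey, macKey } = splitKey(key);
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, ct, tag]);
}

// Verify the tag first (constant-time), and only then decrypt.
function unseal(key, blob) {
  const { encKey, macKey } = splitKey(key);
  if (blob.length < 16 + 16 + 32) throw new Error('blob too short');
  const iv = blob.subarray(0, 16);
  const ct = blob.subarray(16, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const expected = nodeCrypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) throw new Error('HMAC verification failed');
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Returns the recovered text, or null when verification or decryption fails.
function tryUnseal(key, blob) {
  try { return unseal(key, blob).toString('utf8'); } catch (e) { return null; }
}

function demo() {
  const key = nodeCrypto.randomBytes(64);              // constructed sample key
  const blob = seal(key, Buffer.from('constructed sample record'));
  const tampered = Buffer.from(blob);
  tampered[20] ^= 1;                                   // flip one ciphertext bit
  return {
    sameKey: tryUnseal(key, blob),                     // same key: data comes back
    wrongKey: tryUnseal(nodeCrypto.randomBytes(64), blob), // different key: rejected
    tampered: tryUnseal(key, tampered),                // modified data: rejected
  };
}
console.log(demo());
```
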
