Another important caveat to asymmetric cryptography is that it typically requires a trusted, centralized authority. This is because the problem of verifying that someone is who they say they are isn’t limited to just proving that someone holds a private key (something asymmetric encryption can do on its own). Instead, to ensure that (for example) a web server’s SSL/TLS certificate is not only technically valid, but also authentic (truly represents the organization it claims to), a central authority (Google, for example) must be referred to.
This creates more opportunities for hackers, as any breach within the hierarchy of validating keys compromises all the keys below. Although such breaches do happen, much of the internet relies on this system. The system as a whole is known as public key infrastructure (PKI). A trusted party that issues certificates is a certification authority (CA).
An alternative to PKI is pretty good privacy (PGP), wherein users trust each other on a peer-to-peer, distributed basis, instead of relying on a centralized authority (here too asymmetric keys are used to exchange symmetric keys). PGP is commonly used to encrypt email and to verify that downloads have not been tampered with.
The most sophisticated use of asymmetric keys and cryptography in general is found in blockchain systems, exemplified by Bitcoin. By eliminating the need for a centralized authority and moving the validation of cryptographically signed transactions to the network, a blockchain opens up the possibilities for new kinds of systems built on a distributed-yet-secure layer atop the internet infrastructure. We are just now witnessing the teasing out of these possibilities.
Blockchains and the systems built on them are essential cryptographic structures. Key pairs are used to sign transactions, and crypto hashes are used to validate the links in the chain.
This has been a whirlwind tour of the current crypto landscape. Although there is much complexity involved, understanding the lay of the land is increasingly valuable to all of us, programmers and non-programmers alike.