Explain 2048 bit RSA.
On DigiCert's page, they advertise a 2048 bit SSL with a 256 bit encryption: http://www.digicert.com/256-bit-ssl-certificates.htm
What exactly is the difference here and why are two encryption bits being referenced?
Here's a screenshot of the ad:
On Geotrust's Premium SSL ad, they advertise it as:
Security: domain control validation, strong 256-bit encryption, 2048-bit root
So what's the difference between 256 bit encryption and 2048 bit root?
a big integer, and a "2048-bit key" is a key such that the big integer is larger than 2^2047 but smaller than 2^2048.
256-bit is about SSL. In SSL, the server key is used only to transmit a random 256-bit key (that one does not have mathematical structure, it is just a bunch of bits); roughly speaking, the client generates a random 256-bit key, encrypts it with the server's RSA public key (the one which is in the server's certificate and is a "2048-bit key"), and sends the result to the server. The server uses its private RSA key to reverse the operation, and thus obtain the 256-bit key chosen by the client. Afterwards, client and server use the 256-bit key to do symmetric encryption and integrity checks, and RSA is not used any further for that connection.
See this answer for some more details. This setup is often called "hybrid encryption". This is done because RSA is not appropriate for bulk encryption, but symmetric encryption cannot do the initial public/private business which is needed to get things started. (SSL can do the key exchange with other algorithms than RSA so I have simplified the description a bit in the text above, but that's the gist of the idea.)
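The two sizes discussed in the answer above, as an added example that is not part of the original post: a 2048-bit RSA modulus wrapping a 256-bit session key that then authenticates traffic on its own. It assumes textbook RSA without padding and uses only the Python standard library (HMAC-SHA256 stands in for the symmetric step); all function names are illustrative.

```python
import hashlib, hmac, secrets

def is_probable_prime(n, rounds=20):  # Miller-Rabin, for large odd n only
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Prime with its top two bits set, so p * q has exactly 2 * bits bits."""
    while True:
        c = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(c):
            return c

def generate_rsa_key(bits=2048, e=65537):
    """Return ((n, e), (n, d)); the "key size" is the bit length of n."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def exchange_session_key(public, private):
    """Client wraps a random 256-bit key with RSA; server unwraps it."""
    n, e = public
    client_key = secrets.token_bytes(32)  # 256 random bits, no structure
    # Textbook RSA for brevity: real protocols pad the key before this step.
    wrapped = pow(int.from_bytes(client_key, "big"), e, n)
    server_key = pow(wrapped, private[1], n).to_bytes(32, "big")
    return client_key, wrapped, server_key

def tag(key, message):  # integrity check under the shared key; no RSA here
    return hmac.new(key, message, hashlib.sha256).digest()

if __name__ == "__main__":
    pub, priv = generate_rsa_key()
    ck, wrapped, sk = exchange_session_key(pub, priv)
    print(pub[0].bit_length(), len(ck) * 8, tag(ck, b"hi") == tag(sk, b"hi"))
```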