Encryption

Encryption is the process of rendering a message (or data) unusable to all but the intended recipients, who have the ability to decrypt it.

What is Encryption?

The process of rendering a message (or data) unusable to all but the intended recipients, who have the ability to decrypt it. Cryptography is the science of creating workable procedures for encrypting and decrypting messages.

The goal is to ensure that a message intercepted by a distrusted user cannot be decrypted in a feasible amount of time.

How it works

Although there are many different approaches to encryption, the two most common are

  • Symmetric key encryption:
    This method uses a secret key known only to the sender and recipient of a message (and perhaps to others that they trust). The secret key is used both to encrypt the message when it is sent and to decrypt it when it is received. The actual encryption process involves mathematically combining (hashing or transforming) the message and the key in some complex fashion that is virtually impossible to undo unless the recipient also has the key. Symmetric key encryption is very secure, but suffers from one problem - if you want to send a message to someone who does not have your key, you must also find a way to securely give them a copy of the key. This difficulty makes symmetric key encryption generally unworkable for electronic communication over a network or telecommunications service, except where only the original sender and recipient will need the key. For example, symmetric key encryption works in cellular phone communication when only the subscriber and the service provider need a copy of the user’s key.

     

  • Public key encryption:
    This method is now commonly used in many computer networking and telecommunications systems for transmitting sensitive information using the Secure Sockets Layer (SSL) protocol - for example, sending credit card numbers over the Internet. SSL establishes a secure communications session over the Internet by using public key encryption, which provides every participating user with a public key and a private key. Users are the only ones aware of their private keys, while their public keys are generally available to anyone who wants them. Remember that if a message is encrypted with a user’s public key, it can be decrypted only with the same user’s private key, and vice versa.

     

For example, if user A wanted to send an encrypted message to user B, it would typically work like this:

  1. User A requests user B’s public key or obtains this key from a certificate authority (CA) that both users trust.
  2. User A encrypts his message using user B’s public key and sends the encrypted message to user B.
  3. User B receives the encrypted message from user A and decrypts it with user B’s private key.

    Graphic E-3. The public key encryption method.

NOTE

The preceding approach outlines the steps used for encrypting and decrypting the actual message being transmitted during a secure communication session. A different approach, called a digital signature, is used to confirm the authenticity of the sender and the integrity of the message. Digital signatures are encrypted in a reverse fashion to the message itself. Specifically, if user A wants to send his digital signature to user B, then

  1. User A creates a hash of his message using a hashing algorithm. This hash forms the basis of the digital signature, which user A then encrypts using his own private key.
  2. User A appends the encrypted digital signature and his own public key to the message, which is then encrypted using user B’s public key.
  3. User B receives the message and attachments, decrypts its contents using her own private key, and uses user A’s public key to decrypt the digital signature that user A attached to the message. User B then generates a hash of the received message and compares this to the digital signature that user A sent. If the two are identical, it is unlikely that the message has been tampered with in transit.