What is Encryption?
Encryption is the process of rendering a message (or data) unusable to all but the intended recipients, who have the ability to decrypt it. Cryptography is the science of creating workable procedures for encrypting and decrypting messages.
The goal is to ensure that a message intercepted by an untrusted user cannot be decrypted in a feasible amount of time.
How it works
Although there are many different approaches to encryption, the two most common are
For example, if user A wanted to send an encrypted message to user B, it would typically work like this:
- User A requests user B’s public key or obtains this key from a certificate authority (CA) that both users trust.
- User A encrypts his message using user B’s public key and sends the encrypted message to user B.
- User B receives the encrypted message from user A and decrypts it with user B’s private key.
Graphic E-3. The public key encryption method.
NOTE
The preceding approach outlines the steps used for encrypting and decrypting the actual message being transmitted during a secure communication session. A different approach, called a digital signature, is used to confirm the authenticity of the sender and the integrity of the message. A digital signature uses the key pair in the reverse direction from the message itself: it is encrypted with the sender's private key and decrypted with the sender's public key. Specifically, if user A wants to send his digital signature to user B, then:
- User A creates a hash of his message using a hashing algorithm. This hash forms the basis of the digital signature, which user A then encrypts using his own private key.
- User A appends the encrypted digital signature and his own public key to the message, which is then encrypted using user B’s public key.
- User B receives the message and attachments, decrypts its contents using her own private key, and uses user A’s public key to decrypt the digital signature that user A attached to the message. User B then generates a hash of the received message and compares this to the digital signature that user A sent. If the two are identical, it is unlikely that the message has been tampered with in transit.
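The three signature steps above, together with the public key encryption of the message, can be traced in code. The following is an added example, not part of the original page: it uses textbook RSA with constructed toy keys and no padding (real systems use a vetted library with OAEP and PSS), the function names are hypothetical, and it assumes user B already holds user A's public key from a trusted source instead of reading it from the message.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy construction, no padding)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Constructed demo keys built from well-known Mersenne primes. Illustration only.
KEY_A = make_key(2**107 - 1, 2**127 - 1)   # user A: signs with d, verified with e
KEY_B = make_key(2**521 - 1, 2**607 - 1)   # user B: others encrypt with e, B decrypts with d
SIG_LEN = (KEY_A["n"].bit_length() + 7) // 8

def digest_int(message, n):
    """Hash the message and reduce the digest into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, priv):
    """Signature step 1: transform the hash with the sender's private key."""
    return pow(digest_int(message, priv["n"]), priv["d"], priv["n"])

def verify(message, sig, pub):
    """Recover the hash with the sender's public key and compare to a fresh hash."""
    return pow(sig, pub["e"], pub["n"]) == digest_int(message, pub["n"])

def send(message, sender_priv, recipient_pub):
    """Signature step 2: attach the signature, then encrypt with B's public key."""
    payload = sign(message, sender_priv).to_bytes(SIG_LEN, "big") + message
    m = int.from_bytes(b"\x01" + payload, "big")   # 0x01 marker preserves leading zeros
    if m >= recipient_pub["n"]:
        raise ValueError("message too long for this toy key")
    return pow(m, recipient_pub["e"], recipient_pub["n"])

def receive(ciphertext, recipient_priv, sender_pub):
    """Signature step 3: decrypt with B's private key, then check A's signature."""
    m = pow(ciphertext, recipient_priv["d"], recipient_priv["n"])
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(raw) < 1 + SIG_LEN or raw[0] != 1:
        return None, False                          # not a well-formed payload
    sig, message = int.from_bytes(raw[1:1 + SIG_LEN], "big"), raw[1 + SIG_LEN:]
    return message, verify(message, sig, sender_pub)

if __name__ == "__main__":
    ct = send(b"wire 100 to account 42", KEY_A, KEY_B)
    print(receive(ct, KEY_B, KEY_A))                # original message, signature valid
    sig = sign(b"wire 100 to account 42", KEY_A)
    print(verify(b"wire 900 to account 42", sig, KEY_A))  # altered text fails the check
```

The signature check only proves anything if user B's copy of user A's public key is authentic, which is why the sketch takes it as a trusted input.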