Encryption is essential to keep sensitive data and communications away from prying eyes. Encryption protects files on your computer’s hard drive, a banking session, data stored in the cloud, sensitive emails, and a long list of other applications. Cryptography also provides verification of data integrity and authentication of the data’s source.
Encryption falls into two basic types: symmetric and asymmetric.
- Symmetric cryptography has a single key that encrypts and decrypts. As a result, it must be shared with someone else to complete the encrypted communication. Common algorithms include the Advanced Encryption Standard (AES), Blowfish, Triple-DES (Data Encryption Standard), and many more.
- Asymmetric cryptography has two distinct keys, one public and one private, that work as a matched set. The set of keys belongs to one user or one service: for example, a web server. One key is for encryption and the other is for decryption.
  - If the public key encrypts the data, it keeps the data confidential. This is because the owner of the private key is the only one who can decrypt it.
  - If the private key encrypts the data, it proves the authenticity of the source. When the data is successfully decrypted with the public key, it means that only the private key could have encrypted it. The public key is truly public, accessible to anyone.
A third topic is hashing. Even though it is not encryption, it needs to be included at this point in security discussions. Hashing runs an algorithm against a message to calculate a result, called the hash, that is based on the bits of that message. Bits can be data, voice, or video. Hashing does not change the value of the data in any way. In contrast, encryption alters the data to an unreadable state.
Hashing proves that the bits of the message have not changed. It ensures the data has integrity and that it is in its original format. By itself, hashing protects data only from accidental changes.
If the hash is encrypted with an asymmetric private key, it proves that a hacker has not maliciously tampered with the data. Malicious changes cannot occur unless the private key is compromised.
If the key has not been compromised, then you know that the person who has the private key must be the person who calculated the hash. That key could be a symmetric key, which is sometimes referred to as a private key, or the asymmetric private key.
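The difference between a bare hash and a hash bound to a key, as an added example that is not part of the original article. It uses HMAC-SHA256 with a shared symmetric key as the keyed protection, a substitution for the private-key case described above; the function names, messages and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def plain_hash(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone who has the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: computing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_hash(message), digest)


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, message), tag)


def run_scenarios() -> dict:
    key = secrets.token_bytes(32)               # constructed shared secret
    original = b"Pay 100 EUR to account 12345"  # constructed sample message
    digest = plain_hash(original)
    tag = keyed_tag(key, original)

    # Accidental change: one bit flips in transit, the stored digest does not.
    corrupted = bytearray(original)
    corrupted[4] ^= 0x01
    corrupted = bytes(corrupted)

    # Malicious change: the message is replaced and everything that can be
    # recomputed without the secret key is recomputed to match.
    forged = b"Pay 900 EUR to account 99999"
    forged_digest = plain_hash(forged)
    forged_tag = keyed_tag(b"not-the-real-key", forged)

    return {
        "untouched_verifies": verify_plain(original, digest)
        and verify_keyed(key, original, tag),
        "accidental_change_detected_by_hash": not verify_plain(corrupted, digest),
        "tampering_detected_by_hash": not verify_plain(forged, forged_digest),
        "tampering_detected_by_keyed_tag": not verify_keyed(key, forged, forged_tag),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The bare hash catches the flipped bit but accepts the replaced message, because the replacement digest is valid for the replacement data; only the tag that depends on the key rejects it.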