- Encryption and Decryption
- Digital Signatures
- Choosing an Encryption Algorithm

*Encryption* provides the ability to use mathematical algorithms to protect the confidentiality and integrity of information transmitted via insecure means or stored in an insecure location. While the detailed mathematics underlying encryption may be intimidating, the basic concepts are quite accessible, and all technology professionals should have at least a basic understanding of how encryption provides these security benefits.

In this article, we take a look at how you can use encryption algorithms to protect confidential information and prove to a recipient or third party that you are the undeniable sender of a message. You'll also learn the basic principles that should guide the selection of an encryption technology.

## Encryption and Decryption

Encryption takes cleartext data and uses a mathematical algorithm, in conjunction with an encryption key, to convert it into a form that is only readable by someone who knows the algorithm that was used and has access to the proper decryption key. This encrypted data is often referred to as the *ciphertext*. The encryption algorithm may be from one of two classes: symmetric algorithms and asymmetric algorithms.

### Symmetric Encryption

In a *symmetric encryption algorithm*, both the sender and the recipient use the same key (known as the *secret key*) to encrypt and decrypt the message. One very basic symmetric encryption algorithm is known as the *rotational cipher*. In this algorithm, the sender simply "adds" the key to each character of the cleartext message to form the ciphertext. For example, if the key is 2, "A" would become "C", "B" would become "D", and so on. The recipient would then decrypt the message by "subtracting" the key from each character of the ciphertext to obtain the original message.

Let's work through a brief example where we take the word "APPLE" and encrypt it with a key of 4 using this simple algorithm:

Cleartext: A P P L E Key: 4 4 4 4 4 Ciphertext: E T T P I

Of course, modern symmetric encryption algorithms are far more complex, making use of sophisticated combinations of substitution (changing one letter for another) and transposition (rearranging the letters of a message). You may be familiar with some of these algorithms. The Data Encryption Standard (DES), Advanced Encryption Standard (AES), Blowfish, and Twofish are all examples of symmetric algorithms.

### Asymmetric Encryption

In an *asymmetric encryption algorithm*, the sender and recipient use different keys to encrypt and decrypt a message. Each participant in the cryptosystem has a pair of keys assigned to him: a public key and a private key. The *public key*, as the name implies, is treated as public information and shared with all users of the encryption system. The *private key*, on the other hand, is a closely guarded secret that should be known only to its owner. Messages encrypted with one key from a public/private pair may only be decrypted with the other key from that pair.

When encrypting a message with an asymmetric algorithm, the sender encrypts the message with the recipient's public key (which, again, is known to everyone). This creates a message that only the intended recipient can decrypt, because he or she is the only person with access to the corresponding private key necessary to decrypt the message. Even the sender can not decrypt the message that he or she created once it is encrypted with the public key belonging to another user.

Examples of modern asymmetric encryption algorithms include Pretty Good Privacy (PGP) and the Rivest Shamir Adelman (RSA) algorithm.