Continue to Site

How Encryption Works

Encryption is the process of encoding information in such a way that only the computer with the key can decode it. Most computer encryption systems are either symmetric-key encryption or public-key encryption Symmetric-key encryption is a secret code that each of the two computers must know in order to decode the information.

By Marshall Brain April 15, 2002

Encryption is the process of encoding information in such a way that only the computer with the key can decode it. Most computer encryption systems are either symmetric-key encryption or public-key encryption

Symmetric-key encryption is a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message. For example, you create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So “A” becomes “C,” and “B” becomes “D.” You have already told a trusted friend that the code is “Shift by 2.” Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense.

Public-key encryption uses a combination of a private key and a public key. Only your computer knows the private key, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key.

The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

Implementing public-key encryption on a large scale, such as a secure web server might need, requires digital certificates. A digital certificate ensures that the web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is who it says it is, and then provides the public keys of each computer to the other.

A popular implementation of public-key encryption is the secure sockets layer (SSL). Originally developed by Netscape, SSL is an internet security protocol used by internet browsers and web servers to transmit sensitive information. SSL recently became part of an overall security protocol known as transport layer security (TLS).

In your browser, you can tell when you are using a secure protocol, such as TLS, in a couple of different ways. You will notice that the “http” in the address line is replaced with “https,” and you should see a small padlock in the status bar at the bottom of the browser window. The padlock symbol lets you know that you are using encryption.

Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetry. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.

The key in public-key encryption is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value. Here’s a simple example:

Input number Hashing algorithm Hash value
10,667 Input # x 143 1,525,381

You can see how hard it would be to determine that the value 1,525,381 came from the multiplication of 10,667 and 143. But if you knew that the multiplier was 143, then it would be very easy to calculate the value 10,667. Public-key encryption is actually much more complex than this example, but that is the basic idea.

Public keys generally use complex algorithms and very large hash values for encrypting, including 40-bit or even 128-bit numbers. A 128-bit number has a possibility of 2128or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000 different combinations.

Authentication

Authentication is another data security process. It is used to verify that the information comes from a trusted source. If information is “authentic,” you know who created it and you know that it has not been altered in any way since that person created it. Encryption and authentication work hand-in-hand to create a secure environment. Authentication can be done using passwords, pass cards, or digital signatures. The digital signature standard (DSS) is based on a type of public-key encryption method that uses the digital signature algorithm (DSA).