By RJ Gazarek
Before we get started, I want to call out something specific. We are going to cover encryption today, not hashing or salting. Encryption and hashing are two different things that are often mentioned together when discussing how to store things like passwords securely: encryption can be reversed by anyone holding the key, while a hash is one-way and cannot be turned back into the original data.
A Quick Overview of Encryption
Encryption, at its core, is a method of turning data into a form that preserves its original content but cannot be understood by anyone who does not hold the decryption key.
Going one step higher, think of encryption as a letter placed in a sealed box with a lock on it. Nobody can open that box and read the letter without the key that fits the lock.
So that’s the basic premise of encryption. What changes from one type of encryption to another is the kind of “lock” and the kind of “key” used to conceal the data.
Two Main Types of Encryption
In the context of encryption keys, there are two main types of encryption: Symmetric and Asymmetric. Symmetric encryption requires that the same key used to “lock the box” is the one that is used to open the box. Asymmetric Encryption means one key is used to lock the box, and a different key is used to unlock the box (and ONLY that key can unlock the box).
Encryption algorithms and protocols use either Symmetric or Asymmetric encryption, or in some cases a combination of both. SSL/TLS is the common example: asymmetric encryption is used to agree on a key, and symmetric encryption then protects the data itself.
Use of Symmetric Encryption
You’ve probably heard of the Advanced Encryption Standard (AES), for example AES-256 (this is the standard we use for encrypting data stored in Secret Server). AES is a Symmetric cipher: a single secret key, the Master Key, is used both to encrypt and to decrypt the data. AES is an extremely fast algorithm in both hardware and software; most modern CPUs even have dedicated AES instructions.
AES-256 is approved by the NSA for encrypting information classified up to Top Secret.
Use of Asymmetric Encryption
Asymmetric encryption is the type used most often when data needs to be sent securely between two machines that do not already share a secret. Remember, Asymmetric encryption has a single lock with two keys. One is called the Private Key and the other the Public Key. Anything encrypted with the Public Key can ONLY be decrypted with the Private Key. A public key cannot decrypt data that was encrypted with it; only the matching private key can unlock that data.
Therefore, the Public Key does not need to be safeguarded, and in fact it usually isn’t. When people or organizations (news agencies, for example) want to receive sensitive encrypted data, they publish their public key, and anyone can use it to encrypt data and send it to the holder of the private key. Once the Private Key holder has the encrypted data (again, encrypted with the public key), that person, and only that person, can decrypt the message.
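The exchange described above, as an added example that is not part of the original article: the recipient generates an RSA key pair and publishes the public half, a sender encrypts a message using only that public key, and only the recipient's private key recovers it; anyone else's private key fails. RSA-OAEP with SHA-256 is the padding scheme chosen here for illustration, and the parties and message are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair creates a 2048-bit RSA key pair. The *rsa.PrivateKey stays
// with its owner; its embedded PublicKey field is the half that gets published.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptForRecipient is the sender's side: it needs nothing but the
// recipient's public key. RSA-OAEP with SHA-256 is the padding scheme used
// here; OAEP is randomized, so encrypting the same message twice gives two
// different ciphertexts.
func encryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptAsRecipient is the key holder's side. Only the private key that
// matches the public key used for encryption will succeed. Note that the API
// does not even offer a way to "decrypt" with a public key.
func decryptAsRecipient(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	// The recipient (a news agency, say) generates a key pair and publishes
	// &recipient.PublicKey; the private key never leaves its machine.
	recipient, err := generateKeyPair()
	if err != nil {
		panic(err)
	}

	// A source encrypts a tip using only the published public key.
	tip := []byte("documents are in locker 42") // constructed sample message
	ct, err := encryptForRecipient(&recipient.PublicKey, tip)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %d bytes\n", len(ct)) // 256 bytes for a 2048-bit key

	// The matching private key recovers the message.
	pt, err := decryptAsRecipient(recipient, ct)
	fmt.Printf("recipient:   %q err=%v\n", pt, err)

	// Anyone else's private key does not match and fails.
	eavesdropper, err := generateKeyPair()
	if err != nil {
		panic(err)
	}
	_, err = decryptAsRecipient(eavesdropper, ct)
	fmt.Println("other party: err =", err)
}
```

One practical limit is worth knowing: RSA-OAEP with a 2048-bit key and SHA-256 can encrypt at most 190 bytes per operation. That is why protocols such as SSL/TLS use the asymmetric step only to exchange a symmetric key and then encrypt the actual traffic with a fast symmetric cipher such as AES.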
Public/Private key pairs are also often used to authenticate someone to an endpoint, such as logging in to a Linux machine over SSH.
The keys also work in reverse: a message signed with the Private Key can be checked by anyone holding the Public Key, which proves that the message came from that key's holder (a digital signature). That use is outside the scope of this article.
One of the most popular types of Asymmetric Encryption is RSA.
What’s Going on Behind The Scenes?
In short? A whole lot of computations, algorithms, prime numbers, and math. Far too many technical details to get into here, but we encourage you to look online and read more about it. If you would like us to take more of a detailed dive, specifically into encryption, just let us know and we’ll do just that!