How does encryption work? A look at symmetric and asymmetric encryption
Today we’re talking about encryption, but not salting or hashing, even though the two are often associated with one another when storing things like passwords in a secure manner. They are actually very different, and this post focuses on encryption.
What is encryption?
Encryption is a method of turning data into a form that, while keeping its original meaning intact, is not understandable by anyone without a decryption key.
Think of the process of encryption as having a letter in an envelope stored in a sealed container with a lock on it. Nobody can open that container and read the contents of the letter without the key associated with the lock on the box.
And that’s it—the basic premise of encryption. What changes from encryption type to encryption type are the types of “locks” and the types of “keys” that are used to conceal the data that is being sent.
There are two types of encryption
In the context of encryption keys, there are two main types of encryption: symmetric and asymmetric.
Some encryption algorithms will use a combination of symmetric and asymmetric, such as in SSL data transmission
Symmetric encryption requires that the same key used to lock the box is the one that is used to open the box. Asymmetric encryption means one key is used to lock the box, and a different key is used to unlock the box (and ONLY that key can unlock the box).
Many types of encryption algorithms will use either symmetric or asymmetric, or in some cases, a combination of both, such as in SSL data transmission.
Where is symmetric encryption used?
You’ve probably heard of Advanced Encryption Standard (AES), such as AES-256 Encryption. (This is the standard we use for encrypting data stored in Secret Server.) This is a type of symmetric encryption where a single Master Key is used to both encrypt and decrypt the data. AES is an extremely fast encryption protocol both at the hardware and the software level.
AES-256 Encryption is the standard approved by the NSA for encrypting top secret information.
Where is asymmetric encryption used?
Asymmetric encryption is the type that is used most frequently to securely send data from one machine to another. Remember, asymmetric has a single lock with two keys. One key is called the Private Key and the other key is called the Public Key. Anything encrypted with the Public Key can ONLY be decrypted with the Private Key; a public key CANNOT decrypt data if it was used to encrypt the data—ONLY the private key can unlock that data.
Therefore, the Public Key is not something that necessarily needs to be safeguarded, and in fact, it usually isn’t. When people or organizations (like news agencies) want to receive sensitive encrypted data, they will send their public key out to people, who can use it to encrypt the data and send it to the holder of the private key. Once the Private Keyholder has the encrypted data (again, encrypted with the public key), then that person (and only that person) can decrypt the message.
Often Public/Private Keypairs are also used to authenticate someone into an endpoint—such as a Linux machine using SSH.
This also works in reverse, for proving the validity of a message that came from a single person, but that is outside the scope of this article.
One of the most popular types of asymmetric encryption is RSA.