What Is Encryption and How Does It Work?

What Is Encryption?

Encryption encodes data, so only programs that know how to decode it can read it. It uses an algorithm—a set of ordered steps—to alter the information so that the receiving party can't read it without applying a similar algorithm to return it to its original state.

Encoding data is called encrypting. Decoding is called decrypting. The original unencrypted data is called plaintext, while we refer to the encrypted data as ciphertext. So, we encrypt plaintext into ciphertext and decrypt the ciphertext back into plaintext.

Figuring out how to decode data without the algorithm is called "breaking the encryption."

We use encryption to protect information so only the people and programs that need to see it can. We do this for many reasons, such as protecting financial information or simply safeguarding our privacy.

If you use a password manager, it stores your passwords in an encrypted file. Many computers go a step beyond encrypting files and use fully encrypted disks that you can't read without a password that unlocks the encryption. So, if someone steals the computer, they can't simply remove the disk and read it with another system.

You use encryption every day as you browse the web since nearly every website has moved to encrypted connections via Transport Layer Security (TLS)

How Does Encryption Work?

Most encryption programs use a "key" to transform plaintext into ciphertext, while the corresponding decryption program uses a key to decrypt it. As we'll see below, the most robust systems don't use the same keys to encrypt and decrypt data.

Given enough time and resources, you can break encryption via a "brute-force" attack.  This will always be possible, but the goal of encryption algorithms is to make the process take too long or require too many resources.

So, modern encryption has continually strengthened as computers become more powerful and more able to break encryption algorithms that were previously considered safe. Brute forcing your way through a scheme considered in the past might be easy today.

Encryption keys are usually created with a random or, more accurately, pseudo-random numbers and are generated by another algorithm.

Public and Private Keys

The most common encryption schemes use key pairs. Each pair comprises a private key, which only the owner should possess, and a public key that the owner shares with trusted parties. These keys rely on one-way functions to keep data safe. So, one key can encrypt data, and only the other can decrypt it.

When someone wants to send data to a key owner, they use the public key to encrypt it and send the ciphertext. Because of the nature of the keys and the algorithms, and only the private key can decrypt the text. So, the key pair owner can receive data from more than one person, and only they can read the messages, while the people sending the data can't read each other's mail.

You can also use the private key to "sign" a message with a digital signature that the receiver can verify with your public key. This helps authenticate the message by ensuring that you sent it.

Public Key Certificates

Public key certificates often called digital certificates or "certs," are files that prove the validity of public keys. They perform the authentication part of data encryption by verifying the sender of encrypted data.

A cert contains information about the key, the owner, and a digital signature from an entity that verifies the cert's contents. This entity is a critical part of the trust chain. If you trust them, you know you can trust the certificate and the key. 

For example, in TLS, a certificate's subject is typically a computer or other device, and it's the signing authority that verifies that the computer you're talking to is who they say they are. This helps prevent man-in-the-middle attacks.

Encryption Doesn't Have to Be Complicated

The underlying algorithms in data encryption involve a lot of complicated math, but once you understand them, the mechanics are rather simple. If you understand how keys work, you can understand how to secure data is transferred.