Encryption 101
Encryption at Rest
- An example is a password-protected, encrypted disk on a laptop.
- If the laptop is stolen, the data on the disk is already encrypted and useless to the thief.
- Common within cloud environments: even if someone could find and access the underlying storage device, they can't do anything with the data on it.
- Only one entity is involved; the same party encrypts the data and later decrypts it.
Encryption in Transit
- An encrypted tunnel wrapped around the raw data while it moves between systems.
- Anyone looking from the outside sees only a stream of scrambled data.
- Used when there are multiple parties or systems at play.
Terms
- plaintext: unencrypted data; not limited to text, any bytes count
- key: a secret value (a password is one form) that the algorithm combines with the data
- ciphertext: encrypted data generated by an algorithm from plaintext and a key
Symmetric Encryption
The same key both encrypts and decrypts, so it is handed from one entity to the other before the data. This is difficult because the key itself needs to be transferred securely. If the data is time sensitive, the key needs to be arranged beforehand.
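As an added example (not part of the original notes), the following Go program shows the symmetric flow with nothing but the standard library: one shared key is generated, a message is sealed with AES-256-GCM, and the same key opens it again. It also shows what the notes imply about the key being the whole secret: a different key, or a single flipped ciphertext byte, makes decryption fail. The function names (`newKey`, `encrypt`, `decrypt`) and the sample message are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newKey returns a random 256-bit key. This is the secret both parties must
// already share (over some secure channel) before any ciphertext is exchanged.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newAEAD wraps the key in AES-256-GCM, which encrypts and also authenticates
// the ciphertext so that tampering or a wrong key is detected on decryption.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt returns nonce || ciphertext || tag. A fresh random nonce per message
// is required; reusing a nonce with the same key breaks GCM's guarantees.
func encrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends the ciphertext and tag after the nonce passed as dst.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt splits off the nonce and opens the message; it returns an error if
// the key is wrong or any byte of the ciphertext or tag was changed.
func decrypt(key, data []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ciphertext := data[:aead.NonceSize()], data[aead.NonceSize():]
	return aead.Open(nil, nonce, ciphertext, nil)
}

func main() {
	key, err := newKey() // constructed here; in reality it is pre-shared
	if err != nil {
		panic(err)
	}
	ct, err := encrypt(key, []byte("meet at noon")) // constructed sample message
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext (%d bytes): %x\n", len(ct), ct)

	pt, err := decrypt(key, ct)
	fmt.Printf("decrypted with the shared key: %q err=%v\n", pt, err)

	wrongKey, _ := newKey()
	_, err = decrypt(wrongKey, ct)
	fmt.Printf("decrypted with a different key: err=%v\n", err)
}
```

The output is 40 bytes for a 12-byte message: a 12-byte nonce, 12 bytes of ciphertext and a 16-byte authentication tag. The tag is what turns a wrong key or a modified byte into an explicit error instead of silently wrong plaintext.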
Asymmetric Encryption
- public key: cannot decrypt data but can generate ciphertext
- private key: can decrypt data that was encrypted with the matching public key
- the public key is uploaded to cloud storage, where the other party can fetch it.
- the other party encrypts the data with that public key and sends the ciphertext back to the original entity.
- only the private key can decrypt the data.
This is secure because a stolen public key can only be used to encrypt data. Private keys must be handled securely.
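The exchange above, as an added example in Go (not code from the original notes): the recipient generates a key pair and publishes only the public half, the sender encrypts with it using RSA-OAEP, and only the matching private key can decrypt. A second key pair stands in for anyone who obtained the ciphertext without the right private key. The names `generateKeyPair`, `encryptForRecipient` and `decryptWithPrivate` are mine, as are the sample messages.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair creates the private key (kept by its owner) and, inside it,
// the matching public key (safe to publish, e.g. by uploading it to storage).
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptForRecipient needs only the recipient's public key. With RSA-OAEP and
// SHA-256, a 2048-bit key can carry at most 190 bytes per message, which is why
// in practice a symmetric key is encrypted this way rather than bulk data.
func encryptForRecipient(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// decryptWithPrivate succeeds only with the private key whose public half
// produced the ciphertext.
func decryptWithPrivate(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

func main() {
	// The recipient generates a pair and publishes recipient.PublicKey.
	recipient, err := generateKeyPair()
	if err != nil {
		panic(err)
	}

	// The sender only ever sees the public key.
	ct, err := encryptForRecipient(&recipient.PublicKey, []byte("hello recipient"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %d bytes\n", len(ct))

	pt, err := decryptWithPrivate(recipient, ct)
	fmt.Printf("recipient decrypts: %q err=%v\n", pt, err)

	// Someone else holding the ciphertext and their own private key gets nothing.
	someoneElse, _ := generateKeyPair()
	_, err = decryptWithPrivate(someoneElse, ct)
	fmt.Printf("other private key: err=%v\n", err)
}
```

Note that the public key really is harmless to lose: it appears only in `encryptForRecipient`, and there is no code path from it back to the plaintext.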
Signing
Encryption by itself does not prove who encrypted the data.
- An entity can sign a message with their private key.
- Their public key is hosted in an accessible location.
- The receiving party uses that public key to verify the signature, which confirms who sent the message.
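The signing steps above as an added Go example (not from the original notes), using Ed25519 from the standard library. The message itself stays readable; what the signature adds is a check that only the holder of the private key could have produced it over exactly these bytes, so both a changed message and a signature checked against someone else's public key are rejected. The `signedMessage` type and the `sign`/`verify` names are mine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// signedMessage is what travels to the receiver. Signing does not hide the
// message; it only lets the receiver check where it came from.
type signedMessage struct {
	Message   []byte
	Signature []byte
}

// sign uses the sender's private key, which never leaves the sender.
func sign(priv ed25519.PrivateKey, msg []byte) signedMessage {
	return signedMessage{Message: msg, Signature: ed25519.Sign(priv, msg)}
}

// verify uses the sender's published public key. It returns true only if the
// signature was produced by the matching private key over exactly this message.
func verify(pub ed25519.PublicKey, sm signedMessage) bool {
	return ed25519.Verify(pub, sm.Message, sm.Signature)
}

func main() {
	// The sender generates a pair and publishes pub somewhere reachable.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	sm := sign(priv, []byte("transfer 10 to bob")) // constructed sample message
	fmt.Println("genuine message verifies:", verify(pub, sm))

	// An attacker in the middle changes the text but cannot re-sign it.
	tampered := sm
	tampered.Message = []byte("transfer 99 to bob")
	fmt.Println("tampered message verifies:", verify(pub, tampered))

	// Checking against a different sender's public key also fails.
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong public key verifies:", verify(otherPub, sm))
}
```

The receiver's trust therefore rests entirely on having the right public key for the sender, which is why the notes insist it be hosted somewhere the receiver can reliably fetch it.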
Steganography
Encryption is obvious when used: there is no denying that the data was encrypted, so someone could force you to decrypt the data packet.
A file can be hidden inside an image or another file. The message is more difficult to find unless you know what to look for.
One party takes the other party's public key and encrypts some data to create ciphertext. That ciphertext can then be hidden in another file, so long as both parties know how the data will be hidden.
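The "hidden in another file" step, as an added Go example that is not part of the original notes: the classic least-significant-bit scheme, which stores each payload bit in the lowest bit of a red, green or blue byte of an in-memory image. The shared agreement between the two parties is the scheme itself (which channels, which bit, and the 4-byte length header in front of the payload); the receiver runs the same rules in reverse. The cover image here is a constructed gradient so the program runs offline, and the payload is a plain sample string where, per the notes, it would normally be ciphertext. The names `sampleCover`, `capacityBytes`, `hide` and `reveal` are mine.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"image"
)

// sampleCover builds a constructed in-memory cover image (a simple gradient).
// Any image created with image.NewNRGBA, or decoded from a PNG into NRGBA, works.
func sampleCover(w, h int) *image.NRGBA {
	img := image.NewNRGBA(image.Rect(0, 0, w, h))
	for y := 0; y < h; y++ {
		for x := 0; x < w; x++ {
			i := img.PixOffset(x, y)
			img.Pix[i+0] = uint8(x * 255 / w) // R
			img.Pix[i+1] = uint8(y * 255 / h) // G
			img.Pix[i+2] = 128                // B
			img.Pix[i+3] = 255                // A, left untouched by hide
		}
	}
	return img
}

// capacityBytes: one bit per R, G and B byte, so 3 bits per pixel.
func capacityBytes(img *image.NRGBA) int {
	return img.Bounds().Dx() * img.Bounds().Dy() * 3 / 8
}

// hide stores a 4-byte big-endian length header followed by the payload in the
// least significant bit of each colour byte. The picture looks the same; only
// the lowest bit of some channels flips.
func hide(cover *image.NRGBA, payload []byte) (*image.NRGBA, error) {
	data := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(data, uint32(len(payload)))
	copy(data[4:], payload)
	if len(data) > capacityBytes(cover) {
		return nil, errors.New("payload too large for this cover image")
	}
	out := image.NewNRGBA(cover.Bounds())
	copy(out.Pix, cover.Pix)
	bit := 0
	for i := 0; i < len(out.Pix) && bit < len(data)*8; i++ {
		if i%4 == 3 {
			continue // alpha channel: skipped
		}
		b := (data[bit/8] >> (7 - uint(bit%8))) & 1
		out.Pix[i] = out.Pix[i]&^1 | b
		bit++
	}
	return out, nil
}

// reveal reads the bits back using the same rules. Without knowing the scheme
// a viewer just sees an ordinary image.
func reveal(img *image.NRGBA) ([]byte, error) {
	var out []byte
	var cur byte
	nbits, want := 0, -1 // want = total bytes to read, unknown until the header is in
	for i := 0; i < len(img.Pix); i++ {
		if i%4 == 3 {
			continue
		}
		cur = cur<<1 | img.Pix[i]&1
		nbits++
		if nbits < 8 {
			continue
		}
		out = append(out, cur)
		cur, nbits = 0, 0
		if want < 0 && len(out) == 4 {
			want = 4 + int(binary.BigEndian.Uint32(out))
			if want > capacityBytes(img) {
				return nil, errors.New("no valid payload header found")
			}
		}
		if want >= 0 && len(out) == want {
			return out[4:], nil
		}
	}
	return nil, errors.New("image ended before the payload was complete")
}

func main() {
	cover := sampleCover(32, 32)
	fmt.Printf("cover can hold %d bytes\n", capacityBytes(cover))
	stego, err := hide(cover, []byte("the eagle has landed")) // constructed payload
	if err != nil {
		panic(err)
	}
	got, err := reveal(stego)
	fmt.Printf("revealed: %q err=%v\n", got, err)
}
```

Two things the code makes concrete: capacity is tiny (a 32x32 image holds 384 bytes), and the hiding is reversible by anyone who knows the scheme, which is exactly why the notes put encryption first and hiding second rather than relying on concealment alone.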