What is Cryptography?

Last Updated May 6, 2019

Cryptography is the art of converting data to a format that is unreadable without the aid of a tool or additional information. Encrypted data may take the form of written text, a radio transmission, a digital stream of data or almost any other communication medium.

Messages, called ciphers, are created by using an encryption key and can’t be read, or deciphered, without a decryption key. The two most popular ways of encrypting and decrypting data are the shared-secret key and public key methods.

Shared-secret key encryption

Shared-secret key encryption, also known as symmetrical encryption, uses the same key for encryption and decryption. Anyone who possesses the key can receive the message, so key distribution must be closely monitored.

This method is fast and suitable for large streams of data. It can be used with cypher block chaining (CBC), which depends upon an encryption key plus an initialization vector (IV) to form a cipher from a series of data blocks. Anyone wishing to decrypt the message must have the key and the IV. Since this method is vulnerable to certain exploits, it is often used in conjunction with public-key encryption.

Public key encryption

Public key encryption, or asymmetrical encryption, uses two different keys that share a mathematical link. One key is public and can be shared among recipients, and the other is private, held only by the originator of the message. The public key can be used to encrypt messages, but it cannot decrypt them. The private key is the only key that can decrypt the message.

Here is how this method works. Y creates a private key and an associated public key. When X wants to send a message to Y, X requests the public key. Y sends the public key to X. Now X encrypts the message and sends it back to Y. Since the private key was never part of an exchange, it can’t be intercepted. Y, the holder of the private key, is the only person who can decrypt and read the message.

Other encryption methods

In practice, asymmetrical and symmetrical encryption often work together for maximum speed and security. Public key encryption starts a session and transfers a shared-secret key used for the remainder of the session.

Digital signatures can be used to verify the sender of a message in environments where holders of public and private keys can be trusted. It works by applying a hash algorithm to the message contents to create a message digest, which is a compact representation of the message. The message digest is encrypted, forming a personal signature.

The recipient of the message decrypts the digital signature, obtains the hash algorithm, and applies it to the contents of the message to create a new message digest. If this new message digest matches the message digest received with the message, then the message has not been altered and can be trusted. Digital signatures do not encrypt the message, so if the message is confidential then encryption must be applied to the contents.