By Stephen Bucaro
Encryption involves making the contents of a document secret by encoding its data.
Key encryption uses a sequence of bits (called a key) in an algorithm performed
on the data in a document. After the document has been encrypted it can be read only
by using the proper key to decrypt or reverse the algorithm. Security is
provided because only the intended receiver of the document has the proper key
required to decrypt the document.
• Encryption can act as a last means of defense against an intruder. Even if an intruder
has bypassed all other levels of security, the data may still be safe if it is encrypted.
If an encrypted document is valid, it provides the following assurances:
• The document was actually send by the stated party
• The document has not been altered in transit
• The document can be viewed only by its intended recipient.
A hacker may attempt to read an encrypted document by repeatedly trying all possible
sequences of bits to decrypt the file. This is referred to as a brute force attack.
The more bits that are used in the key, the more difficult it is for a hacker to discover
the key. For example, a 16 bit key can have one of 2^16 possible different values. A 128
bit key can have one of 2^128 possible different values. Obviously, it's going to take a
hacker much longer to crack a document encrypted with a 128 bit key than to crack a document
encrypted with a 16 bit key.
DES (Data Encryption Standard) is an encryption algorithm developed by IBM in the 1970s.
DES uses a 56 bit key. Today's powerful computers make it possible for a hacker to crack
a DES key within a couple of days. 3DES (Triple DES) provides higher security by using
three different 56 bit keys to encrypt a document.
Today more advanced encryption algorithms are used. The AES (Advanced Encryption Standard)
uses multiple 128, 160, 192, or 256 bit keys to encrypt a document. With the RSA encryption
standard (named after its inventors Ronald Rivest, Adi Shamir, and Leonard Adleman) a key is
created by choosing two large prime numbers and multiplying them together. RC4 is a standard
that uses multiple keys as long as 2048 bits to encrypt a document.
Private Key Encryption
There are two kinds of key encryption: private key and public key. In
private key encryption a single key is used that only the sender and the receiver know.
Private key encryption is also called symmetric encryption because the same key is
used to both encrypt and decrypt the document.
Public Key Encryption
The problem with private key encryption is that the sender must somehow share his key with
the recipient. The key can be sent in a separate transmission than the document, but that can
still be vulnerable to hackers.
Public key encryption uses two keys. One key, called the private key can only
decrypt a document. The private key is known only to the intended receiver of the
document. The private key is never shared with anyone or sent across the Internet.
The other key, called the public key, can only encrypt a document. Each organization's
or person's public key is distributed to people you want to communicate with them. Public keys
are often published so that a company's or person's public key can be obtained from a
public key server, a publicly available host that provides a list of public keys.
The combination of the public key and the private key is called a key pair. To send
a secure document, use the recipientís public key to encrypt the document. Only the intended
recipientís private key can decrypt documents encrypted with their public key. Because public
key encryption requires the use of two different keys, it is called asymmetric encryption.