The Encryption Key
Therefore, the core of current encryption technologies is the ‘encryption key,’ a parameter that specifies the transformation from plaintext (data given before encryption) to ciphertext (a cryptogram, or encrypted data), and vice versa.
Operation of a key is based on the ‘exclusive OR’ operation in mathematical logic. The output of a bitwise exclusive OR operation is the result of an addition and subtraction calculation of each bit of a binary number. The bitwise exclusive OR gives an output of 1 whenever each bit input does not match. Therefore, it becomes the original value by repeating the operation. In other words,
If the plaintext P is operated with the key value K a cryptogram P + K is created.
If this cryptogram is again operated with the key value K, then
(P + K) + K = P
… it can be decrypted to the original plaintext P.
While a simple concept, there are standards for key specifications, such as the length of the encryption key and the number of times the key can be reused. Current standards are only considered safe until the introduction of completely new computing methods such as quantum computation. Therefore proper encryption key management requires a good understanding of various key types and their properties, to securely store, protect and retrieve keys with different specifications.
There are different types of encryption: one-way (also called “hashing”), symmetric, and asymmetric.
One Way (Hashing)
Passwords used for identification use the One-way Encryption algorithm. For example, before saving a password, the password is encrypted. And when a password is ‘password,’ it is encrypted and saved as ‘WaBauZ2.Hnt2.’ There should be no similarity between the plaintext ‘password’ and the cryptogram ‘WaBauZ2.Hnt2.’
The one-way encryption cannot be reversed to convert a cryptogram into plaintext. Passwords encrypted by hashing are not decrypted for verification. Instead, the same hash is performed on a password input and compared against the hashed password stored in the system to verify an ID. This way, the sensitive password need not be stored in plaintext form.
Symmetric Key Encryption
For this method, the encryption and decryption keys are the same. Sometimes referred to as private key encryption, both sender and recipient must have the same symmetric key to receive the proper and secure communication.
A cryptogram is computed by transforming the plaintext using the binary encryption key value. The recipient of the cryptogram then utilizes the identical encryption key value in the reverse cryptographic algorithm to decrypt the cryptogram. Therefore, the sender and the recipient must securely share knowledge of an identical encryption key. When a person sends an encrypted message to another person, the recipient should also receive the key.
Asymmetric Key Encryption
Asymmetric, or public key, encryption is different from symmetric key encryption because it uses two different keys: a private key and a public key. It encrypts with a public key and decrypts with a private key.
Just as its name implies, a public key is an open key, and anyone can encrypt plaintext. However, only the person who has a private key can decrypt the ciphertext.
When the locations of private key and public key are switched, it becomes an ‘e-signature.’
The encryption method is determined based on the environment.
According to different encryption needs, methods and formats are selected. The encryption process is then designed, and the system is implemented. From simple to complex implementations of encryption, selecting an appropriate system depends on one’s security needs and other economic considerations. Simply implementing public keys into an existing private key system does not upgrade it into a public key system. These two key methods are distinct, and a decision between the two has to be made based on need.
- The private key method (symmetric) is preferred if there is a secure channel of communication for key distribution and management, and if encryption needs to be executed at high speeds.
- The public key method (asymmetric) is preferred if there is no secure channel of communication for key distribution and management, and if transfer non-repudiation is required.
Designing an encryption system is therefore about understanding an environment’s specific requirements so as to select the most appropriate encryption methods.