How does encryption work?

Encryption is the process of scrambling data. There are many different (and complicated) ways to scramble and unscramble information. This section provides a brief description of encryption without going into too much technical detail.

On the Internet, there are two main uses for encryption. One occurs when you visit a "secure" Web site, such as an online store or shopping mall. This is called server-side encryption because it uses the Digital ID given to the server (computer) that runs the Web site. The other use occurs when you send or receive encrypted e-mail. In both cases, the encryption process involves exchanging public keys.

When information is encrypted, one key of a pair (either the public or the private key) does the encrypting, and the matching key of that pair does the decrypting. Think of it as a lock that requires one key to close the lock and another key to open the lock. For example, when you visit a secure Web site, your computer receives the Web site's public key. When your computer sends information to the Web site, your computer encrypts it using the Web site's public key. The only way to decrypt the information you are sending is with the Web site's private key.

The same process is needed for secure e-mail. Before you can send someone an encrypted message, you need their Digital ID, which contains their public key. Your e-mail application uses their public key to encrypt the message. From that point on, only the recipient's private key can decrypt the message. So, you can distribute your Digital ID (and its public key) to as many people as you would like without harming the integrity of your Digital ID. However, you must guard your private key, since it is used to decrypt any messages sent to you.
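The key-pair relationship described above for secure Web sites and e-mail can be seen in a small sketch. This is an added example, not Symantec code: it uses textbook RSA with small fixed primes, and the function names and the sample message are constructed for illustration.

```python
# Textbook RSA with small, fixed primes: a teaching toy only.
# Real Digital IDs use 2048-bit or larger keys with padding,
# generated by a vetted cryptographic library.

def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) built from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent; ValueError if e and phi share a factor
    return (n, e), (n, d)

def encrypt(public_key, message: bytes) -> int:
    """Scramble a short message with the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    """Apply a key to a ciphertext; only the matching private key recovers the text."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    # Constructed sample keys: the Web site's pair and an unrelated party's pair.
    site_public, site_private = make_keypair(2**61 - 1, 2**89 - 1)
    _, other_private = make_keypair(2**107 - 1, 2**127 - 1)

    secret = b"order #1024"               # constructed sample message
    sent = encrypt(site_public, secret)   # what travels over the network

    print("site private key :", decrypt(site_private, sent))   # original message
    print("site public key  :", decrypt(site_public, sent))    # still scrambled
    print("other private key:", decrypt(other_private, sent))  # still scrambled
```

Anyone may hold the public key, yet it cannot undo its own encryption, which is why only the private key needs guarding.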

There is one more topic of interest: trust. Many different companies, known as certificate authorities (CAs), can create Digital IDs. Your applications are configured to trust Digital IDs that come from a few highly reputable companies. So, if someone sends you their Digital ID (either via e-mail or from a Web site you visit) and it is from a CA that your application does not trust, you will get an alert message asking if you want to trust the new CA.

For more information on trust, see What is public key infrastructure (PKI)? and What applications use Digital IDs?.

Symantec Corporation. All rights reserved.