Encryption Basics – Keys, Handshakes, and Certificates

If you’ve ever logged into a healthcare portal, bought something online, or logged into a website that starts with “https”, you’ve used encryption. It’s used for everything from protecting your emails from hackers, to guarding top secret government documents — and more importantly, it’s the only technology that can make the internet truly secure. Yet, just because its use is widespread doesn’t mean all your information is safe. It’s important to know encryption basics.

If you want to take control of your own security, you need to learn the history of encryption, how it works, and how to use it to protect confidential information. With our quick guide, you can quickly get up to speed on everything you need to know about encryption.

Encryption Basics

Encryption is a system that encodes a message or file so that it can only be read by certain people. Encryption scrambles data — such as an email or file — using a program called an algorithm or cipher. A long string of data, called a cryptographic key, works like a password to protect the file. Once the data is encrypted, it looks like meaningless gibberish to anyone trying to access it. The only way to read it is by using the key to decrypt (unscramble) the data.

There are two basic types of encryption: symmetric and asymmetric. Symmetric key encryption uses the same key to encrypt and decrypt the data.  Asymmetric encryption uses two keys: one to encrypt data, and one to decrypt it. It’s often referred to as public key encryption, because people who use it make the encryption key public, but keep the decryption key private. Anyone can send them an email or file encrypted with their public key, but only they can read it, using their private decryption key.

The History of Encryption

Modern cryptography is a recent invention, but the encryption basics go back thousands of years. As early as 1900 B.C., Egyptian scribes wrote in coded hieroglyphics to disguise their messages. Between 600 and 500 BC, Hebrew scribes used a substitution cipher called Atbash — a method of disguising messages by switching the letters. The scribes would replace the first letter of the alphabet with the last, the second letter with the second-to-last, and so on, so that no one could read their writing unless they knew how to unscramble it.

Greeks took things a step further with the scytale — a coded message that looks like a leather belt with a random series of letters on it. When it was wrapped around a piece of wood with a certain diameter, the letters on the belt would line up to spell out a message.

Some ancient cryptography has been lost, but we can see evidence of people using secret codes in many cultures, throughout history. In 1466, Leon Battista Alberti created the first polyalphabetic cipher — an invention that helped pave the way for modern cryptography. The Alberti cipher worked like a decoder ring. It used two disks — an outer disk with the alphabet and numbers written in order, and an inner disk, with characters out of order.

To use it, you’d line up a character on the inner disk with one on the outer disk, and make the substitutions the disks showed. To decrypt the message, someone would have to have a matching inner disk, and know how the ciphers were lined up. To make breaking encryption even harder, the person sending the message could rotate the disks partway through the cipher. Unless the recipient knew when and how to spin the disks, they wouldn’t be able to decipher the message.

Modern Cryptography

The encryption basics invented by Alberti paved the way for mechanical encryption hundreds of years later. Although there’s debate about who deserves credit for mechanical encryption, it seems that it was first proposed in 1666, by Samuel Morland. He created a design for a cryptographic machine that used geared wheels to create a more sophisticated cipher. Rotor machines work like a series of Alberti disks that rotate each time a letter is typed. Because the substitution changes with each turn of the wheel, and only repeats once the wheel has turned all the way around, messages are much more difficult to break.

By adding more wheels, these machines can become exponentially more difficult to break. For example, let’s say a cipher has 36 characters — 26 letters, and the numbers, 0-9. With one cipher wheel rotating, the substitution pattern will repeat every 36 times — a 36 character cryptographic key. If you add a second wheel, which rotates one character every time the first wheel turns all the way around, it will take 1,296 characters (36 x 36) until the substitution repeated itself, making the code much more difficult to crack.

The Enigma machine, used by Nazi Germany is the most famous cypher machine, but both the Allies and Axis powers used them to encrypt communication during World War II. The Allies managed to break both Enigma, and the Japanese Purple machine, which allowed them to listen in on Axis communications, and outmaneuver them.

The Advanced Encryption Standard. The invention of computers greatly enhanced encryption. Instead of having to painstakingly build a cipher out of gears or electromechanical switches, mathematicians could program them, and their complexity was only limited by the power and memory of computers. But the better computers got at encrypting data, the better they got at breaking data encryption.

The Data Encryption Standard (DES) was designed to be unbreakable in the 1970s. It used a 56-bit key, meaning there were 2^56 possible combinations. To break it, a computer would have to keep trying different codes, until it guessed the right one — a process known as a brute force attack. By the 1990s, however, modern computers were powerful enough to crack DES keys in days.

The National Institute of Standards and Technology held a competition in 1997 for a cipher to replace DES. They wanted an algorithm that was easy to implement, and resistant to both brute force attacks and other code breaking techniques. The Rijndael algorithm won, and became the basis for the Advanced Encryption Standard (AES). It is still used today for everything from business records, to top secret government data.

The AES is a symmetric key cipher, supporting 128, 192, and 256-bit keys. Every bit doubles the amount of time it takes to break an encryption key. While the fastest supercomputer can now brute-force hack DES in less than seven minutes, it would take about 1 billion billion years, just to crack a 128-bit AES key.

How SSL and TLS Work

Symmetric key encryption basics can protect data, but they can’t send it securely. To encrypt an email using symmetric encryption, you’d have to contact them and agree on a key, but if you sent the key over the Internet, someone else could be listening in. Secure Socket Layer (SSL), and the newer Transport Layer Security (TLS) are designed to tackle that problem. They’re used to secure online communication such as banking, payment and email. You can tell a website is using SSL/TLS when its address starts with “https.”

When you send a message using SSLT/TLS, it’s automatically encrypted with your private key, then with your recipient’s public keys. Your recipient receives the message, decrypts it with their private key, and then decrypts the result with their public key. A Certificate Authority (CA) verifies that both parties are who they say they are, to stop third parties from intercepting the message and posing as the recipient.

Unfortunately, SSL/TLS isn’t unbreakable. When it’s used in email, the message only stays encrypted if the server supports encryption. If the server only has an old, weak version of SSL, or doesn’t support it at all, the email can be intercepted by a third party and spied on. Hackers can also compromise SSL/TLS by gaining control of a server, or by using a fake security certificate to pass a scam website off as the real thing.

Client-Side Encryption, and Why it is Important

The best way to protect messages traveling across the Internet is to keep them encrypted from the moment they leave the sender’s device until they enter the recipient’s device. That’s where client-side encryption comes in. A client-side encrypted email leaves your inbox as a scrambled string of data. It doesn’t matter if the servers it passes through support encryption or not. It doesn’t even matter if a hacker or spy records your message; they can’t do anything with the data, because they don’t have the encryption key.

How PGP and S/MIME Work — And Why They Are Strong

Client-side encryption basics have allowed security geeks to protect email for decades, using public key encryption. Pretty Good Privacy (PGP) has been around since 1991, and S/MIME, since 1995. If you want to send someone a PGP or S/MIME message, you download their public key, and use it to encrypt the message. Once they receive the message, the user decrypts it with their private key, allowing them to read the message.

PGP and S/MIME both have mechanisms to ensure that you’re getting the real key, instead of a fake key that a hacker can use to read a protected email. PGP uses the Web of Trust. Essentially, when you share your public key with people, they indicate how much they trust that it’s the correct key. If enough people trust a key, you can be reasonably sure it isn’t a forgery. S/MIME uses Certificate Authorities, similar to those used by SSL/TLS.

Drawbacks of Public Key Encryption

PGP and S/MIME are both secure, but neither is very convenient. To start sending and receiving messages with either system, you need to install the software, generate a public and private key, register your public key, obtain your recipient’s public key, add it to your keyring, and encrypt your message — all before sending your message.

There’s no secure way to send a message to someone who hasn’t published a public key, and each message needs to be encrypted individually, meaning you can’t send group emails. And if some of your friends use PGP and others use S/MIME, you have to install and learn both systems. You also have to safeguard your own private key, since if anyone gains access to it, they’ll be able to read all of your email. Finally, you’ll have to set up PGP or S/MIME and enter your key on every device you use, which wastes time and potentially exposes you to greater security risks. Although PGP and S/MIME have the encryption basics needed for good security, they don’t have the convenience that modern users need.

Health Portals — And Why They’re Annoying

The Health Information Portability and Accountability Act (HIPAA) requires medical providers to carefully safeguard health information, from medical records to patient names. To do this, doctors need a secure method to communicate with patients, and health portals are the most common solution. A patient can sign into their medical provider’s health portal to set appointments and access healthcare information, such as test results.

Portals are secure, but pretty clunky. Patients are required to create an ID and password for each health portal. Portals are also not interoperable; if a patient sees their GP at a neighborhood clinic, then is sent to a specialist at a hospital, they’ll usually have to create a login for each, and learn two different interfaces.

Because everyone uses their own portal, medical organizations also can’t use them to communicate with each other and share patient records. In an age where cutting edge medical procedures and worldwide instantaneous communication could combine to create a new level of medical care, each medical office is instead stuck in its own digital fortress.

Virtru Email Encryption — Giving the Power of Encryption to Everyone

In spite of the power of modern encryption, most of the available tools are clunky, inconvenient, and riddled with security holes. Virtru was founded to change that, by providing military grade client-side encryption, with none of the hassles of PGP or S/MIME. Once installed, Virtru adds a button to your email. Click it before you hit send, and your email is automatically protected with 256-bit, client-side encryption.

Virtru also encrypts email attachments in any format. Whether you’re sending a confidential financial report or family photos, you can be sure they’ll stay protected. And unlike PGP and S/Mime, you can send group emails, and message recipients who haven’t installed encryption yet. Virtru allows you to send an unencrypted introduction along with the email, which your recipient can see before installing Virtru. That way, you can explain the purpose of the email to encryption neophytes without exposing sensitive information to malicious third parties.

And Virtru goes beyond email encryption basics to give you total control over messages you send. If you hit “Send” too early, or click “Reply All” by mistake, you can recall your email — even after it has been read. You can also set time limits on emails, or disable forwarding so that a recipient can’t send sensitive information on to people who shouldn’t see it.

Virtru: Encryption for Everyone

In a world where everyone — from government agencies to corporate spies — is threatening your privacy, encryption has become a necessity. Your personal information can be used to steal your identity, threaten your family and reputation, and undermine your professional life. At Virtru, we believe the only solution is a default-encrypted world. Virtru email encryption gives you the tools to ensure your right to privacy is more than just an ideal.