The Power of Math
You may have heard of encryption before, or possibly cryptography (which is the study of encryption and methods of secure communication), and wondered what it is and why it is so important. Simply put, encryption is basically just math. Encryption applies a complicated algorithm to plain text, in turn generating unreadable text referred to as “ciphertext“. In order for this ciphertext to become readable again, you need apply the key that was used in the algorithm.
In layman’s terms, encryption takes human-readable text (or data) like what you are seeing now, uses a mathematical formula in order to change that text in a long series of random characters that cannot easily read, and then in order to make that blob of text human-readable again you need to have access to the key that was used in the mathematical formula.
Just like the keys to your house or your car, it is required that you have the encryption key in order to access that data again. Without it, the encrypted text is virtually useless. You can’t easily break encryption either. Attempts have been made to brute-force encrypted data in the past, and most are largely unsuccessful. Strong enough encryption can take even the most powerful computers on the planet eons to break.
There are also some known broken cryptographic algorithms, notably MD5 and SHA1 (unfortunately), that can theoretically be cracked using alternative measures, but even still, the chances of successfully breaking the encryption is still very low. That being said, using an algorithm like RSA-2048 or RSA-4096 to encrypt your data would make it very close to impossible for the encryption to ever be broken, as long as you take the appropriate measures to keep your keys safe.
Now that you know what encryption is, you might be wondering what exactly encryption is used for. The biggest aspect of encryption is privacy. Encrypted data is useless to outsiders. Encrypted messages cannot be read, encrypted files cannot be opened or viewed, encrypted hard drives are essentially fancy paper weights, etc without the key. Encryption is also very good for security, for the same reasons listed above, and can even be used verification purposes (more on that later).
One of the common uses for encryption is private messaging. If you want to send a message to somebody, and you are worried about someone else intercepting that message, you can use encryption so that if it does get intercepted the data would be useless. It goes as follows:
- Bob wants to send Alice a message but wants to make sure nobody else can read this message
- Alice can send Bob her public key
- Bob uses the public key to change the plain text message into unreadable ciphertext, and then sends it to Alice
- Alice uses her private key to decrypt and read the message
- If Alice wants to respond, the processes is repeated but this time she uses Bob’s public key to encrypt the message
There are two types of keys used in encrypted messaging. The public key, and the private key. The public key is what you share with the world and is what people use to encrypt messages that they want to send to you. The private key is what you must protect at all costs, this is the only way your messages can be decrypted. I realize this may be a bit abstract, so here’s an example that you can try at home.
Below is an example of a PGP public key. This is what you would share with whomever you wish to communicate with.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: BCPG C# v126.96.36.199 mQENBFl6Bb4BCACrRLBvkEZiu66LnDWMvOQeFFcVBYCS9nqGcsBfnV9B8Yl3TrMa fMhIIhbz0x3+M9zBZCKNy0CPUuMtPZFG+pvCRwuG911prKlfzfJtRdjBFZK57NvT H8Z9qszb2zCOtwyecJs0C7gDtIhaLXJs/VPgn/o6ur/iPEPL1q7IsogQtEC4XVBn oJtGXZb4Uszo0abycre+SCb7/DJdHp9LXBDmKEoQKDpWOzDG8JYOYSaLRvqYFaMs VjrPGN25nKGAVsll8SOBH1WVF6+ai6slAkW/sbnF7zTfKULnob7Okufrhrr86NPf ZmQRgHUsQtT8l/CV5HK6H2ZukQBBa5jnc+nZABEBAAG0AIkBHAQQAQIABgUCWXoF vgAKCRBc6Bk/5egcymZBB/9cEFwOpmI+rxhKvnoM1fTQMJ23ycU+bxEYTmEu1gjF ixPc5uWk/HRjh0NYS7kPgZSWXnhMUv67upceJee/LyKmtrd0kTF/aEkl9j5i3JhV cy7UBI9qrTHtAwMv2ljc/yI7y1K9tVpVYkLdHCKI5dGexrwFXupEr5QORLeb1b3c vCH36CTUs5SbyLmJUrasKPXkMODGSfx6VpbPzQBA+/FN5OUkvwNgJC0s250rz9AX oS1p3N/cD6T6QtCdM5t2I8MRjVENrNmRuJsJqscf62/E7BAYn2DjvKeg4E/EniXU g8LmIoZnGZ6MEe7DpU+iDYiKA9708rQ7Qw3qtsEea6Op =kDWu -----END PGP PUBLIC KEY BLOCK-----
This is the private key that correlates with the above public key. You would want to make sure to protect this key, because if anyone else gets a hold of it they can read whatever messages you had that were encrypted with your public key.
-----BEGIN PGP PRIVATE KEY BLOCK----- Version: BCPG C# v188.8.131.52 lQOsBFl6Bb4BCACrRLBvkEZiu66LnDWMvOQeFFcVBYCS9nqGcsBfnV9B8Yl3TrMa fMhIIhbz0x3+M9zBZCKNy0CPUuMtPZFG+pvCRwuG911prKlfzfJtRdjBFZK57NvT H8Z9qszb2zCOtwyecJs0C7gDtIhaLXJs/VPgn/o6ur/iPEPL1q7IsogQtEC4XVBn oJtGXZb4Uszo0abycre+SCb7/DJdHp9LXBDmKEoQKDpWOzDG8JYOYSaLRvqYFaMs VjrPGN25nKGAVsll8SOBH1WVF6+ai6slAkW/sbnF7zTfKULnob7Okufrhrr86NPf ZmQRgHUsQtT8l/CV5HK6H2ZukQBBa5jnc+nZABEBAAH/AwMCl60ydu5+QFJge10J IO2+H9So5iI3/FJLuMHZFSoSCnPo4vk2g65XX7AUjnh9ebQvxOFgZnx7GsGq8xTC NuiPAN7QrwL3ERbblyaFcIc6g8Rf8oWaZLw2iw4NEfLUHYqeUDU3hXUeqqUvrFAx zSLNUXzBaU7hr2aT3unClFvCkstdjNZhDMasvhJe8nJnn8exv9PGWV7JLTA+nr3b OwVZ5C7l4bJF7t7n9TgYOVdDLNoNmpP+/NV6ZTY2Vi4ae6JoI1m1ahKnNXr47JEO /lSO0LiC9XWr4bbKpOPM7UJSpL6pbMg9/7DYREaq8rzw88t2hyoA2WXjWNQoSCy8 3ZE4TrOgoenBMczhjMbCUjjSqI9ffVq7dv9M0tAIWVTfsrpFcVxUd0antLUNff5o 1ZYF3h29cLVFuziOC8E4ieQ1+my1mqZbR7yaD73YFpf4Try7HetiERoFPr8bS9pQ 7GpJws6FBnEIb8KLgAG0KQGQd7q8a+qoP6Shuc9oQuLbpAyN7Aoz9CguzUvIA5dN f/cdo9N8gJ+eV2YZ2pIlBxveNbmIfZjnbhGuHF565jFebh9TDn42fplFPprxH+Je QYARYwggZzZANjSDv51RdCo5soiFCaLSt8lVGd3Ke/+SHmDx+bNqgarw1NnMdevB qQLKkN2mLLft9YKb1tR7spHq6noGlIt8HziPIiw38oewUdlFGsZWip+P0yYgK/sZ qIotl/sXux/OgyGK+1T8hek49+8Rr/NgmawYAAN97ZdA8bkZKI/IPTMLazP5WvH/ OLVBmGi4SNQvdDNNGAJ+HXur5XjiGBAYeFydft5Fl1Zb2NW9MDtS7/t7FoXexGf3 BxkYeldIp8dXQSzoCmegp2XshqsoPktj4256/gKNMbQAiQEcBBABAgAGBQJZegW+ AAoJEFzoGT/l6BzKZkEH/1wQXA6mYj6vGEq+egzV9NAwnbfJxT5vERhOYS7WCMWL E9zm5aT8dGOHQ1hLuQ+BlJZeeExS/ru6lx4l578vIqa2t3SRMX9oSSX2PmLcmFVz LtQEj2qtMe0DAy/aWNz/IjvLUr21WlViQt0cIojl0Z7GvAVe6kSvlA5Et5vVvdy8 IffoJNSzlJvIuYlStqwo9eQw4MZJ/HpWls/NAED78U3k5SS/A2AkLSzbnSvP0Beh LWnc39wPpPpC0J0zm3YjwxGNUQ2s2ZG4mwmqxx/rb8TsEBifYOO8p6DgT8SeJdSD wuYihmcZnowR7sOlT6INiIoD3vTytDtDDeq2wR5ro6k= =17Yg -----END PGP PRIVATE KEY BLOCK-----
Now, there are tons of ways to encrypt and decrypt messages using these keys, including software you can install to your computer or phone, but to keep things simple we are going to use a web tool that should work for everyone. Keep in mind though, if you are using encryption to protect yourself, it is highly recommend you use offline software that comes from a trusted vender.
Go to the following website: sela.io/pgp
Copy and paste the public key into the box that says “PGP Public Key”. In the example above, this is the key that Alice would send to Bob.
In the box below that says “Message to encrypt”, write out “hello world”.
Hit the encrypt PGP message box. The bottom box will now display a random set of characters, beginning with:
-----BEGIN PGP MESSAGE-----
And ending with:
-----END PGP MESSAGE-----
Copy this entire thing (including both the header and footer). This is what Bob would send to Alice.
Now scroll down, in the box that says “Private Key”, paste the private key that I shared above. This is the key Alice would use in order to decrypt the message she receives from Bob.
Ignore the passphrase for now, we did not set one up. However, it is highly recommended that you use a passphrase to further protect your encrypted messages.
In the bottom box that says “Encrypted message”, post the text that you generated earlier.
Hit the decrypt PGP message box. You should now see “hello world.”
Pretty cool, huh?
Encryption can be used to keep your data safe. You can encrypt your hard drives and storage devices (flash drives, SD cards, SSDs, whatever) or you can encrypt individual files. Tools exist that help you encrypt your files and device.
I won’t list them out, however, as which tool you use will depend on the device, the OS, and the use case.
Unlike the PGP example, there is only one code you need to memorize, and that is the encryption password, which is generated by you, the user. You use the password in order to access your files or device. You will also be given an encryption key that is not generated by the user. It is very important that you store both in a safe place.
HTTP vs HTTPS
Ever notice how some websites start with HTTP and others start with HTTPS and show a green lock icon? This isn’t just some random occurrence. Websites that use HTTPS (like mine) encrypt their data using a process called SSL, or Secure Sockets Layer.
HTTPS means that all of the communications that occur between your web browser and the website are encrypted. This prevents the page from being tampered with and keeps outsiders from peaking at your data. Without HTTPS, everything you send is in plain text. Malicious parties mess with the pages you see (or use it to serve maleware or inject ads) or can steal your data as you send it.
I highly recommend HTTPS Everywhere, a browser plugin developed by EFF that forces HTTPS where ever possible.
Do you need to make sure that you files your receive have not been tampered with? Or that the person you are speaking to is really who they claim to be?
Encryption can help with that too!
Using encryption for data verification is bit of an abstract topic, so I won’t go too far in-depth.
When you send a message or share a piece of software, you can use a digital signature to ensure the contents integrity. Think of it like a seal on an envelope or drinking bottle. If the contents are changed, the digital signature will change and you will know that its been tampered with.
Encryption can also be used for identify verification. PGP keys can be signed to verify ones identify, here is a good post on the process of getting keys signed.
When you sign someones key, you are publicly stating that you trust that key to belong to the person who is claiming it. When someone signs your key, they are stating that they trust you to be who you say you are.
Confused? That’s ok. This is just the basics, PGP key signing needs a post on its own.
More on PGP key signing coming later!
We need Encryption
If there is one major takeaway from this post it should be that encryption is very important. We need it for security, for privacy, for verification, and for much much more. A world without encryption is not a safe world. Those that push to eliminate encryption are clueless to how the tech functions.
These are only some examples of popular use cases. Encryption is a very wide field, and honestly, you can easily dedicate an entire website just to cryptography and the study of encryption.