Cyber Security Tip ST04-019 -- Understanding Encryption

[US-CERT Security Tips <security-tips () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST04-019
                          Understanding Encryption

   Encrypting data is a good way to protect sensitive information. It ensures
   that the data can only be read by the person who is authorized to have
   access to it.

What is encryption?

   In very basic terms, encryption is a way to send a message in code. The only
   person who can decode the message is the person with the correct key; to
   anyone else, the message looks like a random series of letters, numbers, and
   characters.

   Encryption is especially important if you are trying to send sensitive
   information that other people should not be able to access. Because email
   messages are sent over the internet and might be intercepted by an attacker,
   it  is  important  to add an additional layer of security to sensitive
   information.

How is it different from digital signatures?

   Like digital signatures, public-key encryption utilizes software such as
   PGP, converts information with mathematical algorithms, and relies on public
   and private keys, but there are differences:
     * The purpose of encryption is confidentiality—concealing the content of
       the  message by translating it into a code. The purpose of digital
       signatures is integrity and authenticity—verifying the sender of a
       message and indicating that the content has not been changed. Although
       encryption and digital signatures can be used independently, you can
       also sign an encrypted message.
     * When you sign a message, you use your private key, and anybody who has
       your  public  key  can  verify  that  the  signature is valid (see
       Understanding Digital Signatures for more information). When you encrypt
       a message, you use the public key for the person you're sending it to,
       and his or her private key is used to decrypt the message. Because
       people should keep their private keys confidential and should protect
       them with passwords, the intended recipient should be the only one who
       is able to view the information.

How does encryption work?

    1. Obtain the public key for the person you want to be able to read the
       information. If you get the key from a public key ring, contact the
       person  directly to confirm that the series of letters and numbers
       associated with the key is the correct fingerprint.
    2. Encrypt the email message using their public key. Most email clients
       have a feature to easily perform this task.
    3. When the person receives the message, he or she will be able to decrypt
       it.
     _________________________________________________________________

     Authors: Mindi McDowell
     _________________________________________________________________

     Produced 2004 by US-CERT, a government organization.

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST04-019.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit

     http://www.us-cert.gov/cas/signup.html.






-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS08zWducaIvSvh1ZAQJE8Af/SyrtRBxq/tkARg+tZxERpW96kZW1gWI4
MoeRYBXkRE22168bUpCX0BpjPCjNpJflH4RIov8tGt70U4v/wzJNonta3huCgwmJ
t/cg/+YSfwlnQTG1KgqoBou+TGNWMVCuGTkWOjZ2t4YYJ8tnMaXiHwfWwytaoJ6H
eC2Se+1CoZSk+x2BfbpJe3gJYWsbz8W57j7TkbiclpCADU1J2lSj4Fp4zZvCvsFn
EuS9Br3669EK5EZW4NnAPWWs4zkSXFGan+G66snZJwtZidSxX3cDIg0NVdVe+qcR
OxRDbzBFWOlzrCr1ebs/2AmYdYP0koTei7RNJ0X+pvpIvWGiT/qLEQ==
=2MKG
-----END PGP SIGNATURE-----