# The basics of encryption

上次更新:

This guide gives an overview of encryption and describes the differences between two types: symmetric and asymmetric.

## The key to encryption

Just like with doors, keys are used to lock (encrypt) and unlock (decrypt) information to keep it safe. But instead of a physical key, an encryption key is an long string of random characters.

As an example, a message with sensitive information needs to be sent securely from one person to another. The sender will encrypt the message with one key, and the receiver will decrypt it with another.

### Symmetric encryption

A symmetric key uses the same string for both encryption and decryption which means that both the sender and receiver need the same key. Symmetric encryption is secure when using a strong cipher in combination with a strong key. A challenge with symmetric encryption is securely storing and exchanging a symmetric key (If exchanged: PSK, short for Pre-Shared Key) between trusted parties, the risk being that the key falls into the wrong hands.

Symmetric encryption can be used for encrypting files and data, both stored, like on a hard drive, and in transit, like over a computer network.

Learn how to encrypt a file using symmetric encryption

### Asymmetric encryption

With asymmetric encryption, a mathematically linked key pair is used for encryption and decryption, one key being "public" (shared) and one being "private" (secret). If a message (like an email) is encrypted with a public key, it can only be decrypted with the corresponding private key.

If you want to use asymmetric encryption for message exchange, you first create a key pair (a public and a corresponding private key). You then share the public key with whoever you want to be able to communicate securely with, and you store the private (secret) key somewhere secure and private. Whoever has access to your public key can then encrypt a message with the public key that you have shared, which ensures only you, who holds the corresponding private key, can decrypt the message.

For example, if Sarah wants to send a message to John, she would use John's public key to first encrypt the message before sending it to him. John would then use his private key to decrypt the message. In this manner, Sarah can be sure that only John can read the message. Likewise, John knows that the message was intended for him.

Asymmetric encryption can be used for encrypting files and data, both stored and in transit, but is more commonly used for exchanging symmetric keys and digital signatures. A digital signature is meant to ensure the claimed identity of a person or computer. When digitally signing something, like an email, you use your private key is used to encrypt (sign), and the public key is used to decrypt (verifying the signature). Since it is assumed that you and only you hold your private key, it can be assumed that the signature (encryption) originates from you as well, thereby proving your identity to the recipient of your signature.

Sarah can do this by signing the message with her private key. John can then use Sarah's public key to verify that the message was sent by her, as only the combination of Sarah's true public and private keys would give a valid result. They both now know that Sarah is Sarah and that John is John. Mission accomplished!

Learn how to send messages using asymmetric encryption

## The importance of key management

Challenges when using encryption and cryptography, whether symmetric or asymmetric, is (1) securely storing and exchanging secret keys, (2) choosing a strong cryptographic algorithm and key length (number of bits). You must store your secret keys in a secure location and ensure strong algorithms are used.

## Integrate encryption into your email program

Now that you've learned the basics of encrypting and decrypting files, learn how to automate the encryption and decryption of emails with our guide on integrating encryption into your email program.