On this page:
- Overview
- Encryption at rest
- Encryption in transit
- Symmetric key algorithms
- Asymmetric key algorithms
Overview
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
Data can be encrypted in two ways: at rest and in transit.
Note:
Employing these two types of encryption safeguards must occur in tandem; it's not automatic. Data encrypted at rest is not guaranteed to remain encrypted as it traverses a network. Conversely, the fact that data is encrypted in transit does not offer any guarantee that the data remains encrypted after it has reached its destination.
Encryption at rest
Encryption at rest refers to the encryption of data storage, whether in a database, on a disk, or on some other form of media.
Note:
Indiana law recognizes the value of disk encryption, such that a lost/stolen laptop or storage media is not considered a breach if that media was encrypted (and the encryption key was not available with the device).
Examples of encryption at rest include:
- BitLocker disk encryption
- macOS FileVault
- Database encryption
- MySQL
- PostgreSQL
- VeraCrypt
Encryption in transit
Encryption in transit refers to data that is encrypted as it traverses a network, including via web applications, smartphone apps, chats, and so on. Data is in transit from the point at which the data leaves the storage drive or database until it's re-saved or delivered to its destination. Protecting information in transit essentially ensures protection from others attempting to snoop or eavesdrop on information as it traverses the network.
Examples of encryption in transit include:
- TLS/SSL (HTTPS)
- WPA2
- VPN
- IPsec
Symmetric key algorithms
Symmetric key algorithms use related, often identical keys to both encrypt and then decrypt information. In practice, this is known mostly as a shared secret between two or more parties.
Asymmetric key algorithms
Asymmetric key algorithms use different keys to encrypt and decrypt information; one key encrypts (or locks) while the other decrypts (or unlocks). In practice, this is known mostly as a public/private key; the public key can be shared openly, but the private key should not be. In most cryptographic systems, it is extremely difficult to determine the private key values based on the public key.
Using public/private keys, the lock/unlock algorithm can work in two ways. For example, Alice can encrypt a message with Bob's public key, and then send it to Bob. Only the holder of Bob's private key should be able to decrypt and read the message. Conversely, Alice could encrypt a message with her own private key, and while anyone else in the world could read the message, they could use Alice's public key to verify the message must have come from Alice.
Common technologies that rely on public key cryptography include TLS/SSL and S/MIME.
For more, see Public-key cryptography.
This is document bgpo in the Knowledge Base.
Last
modified on 2021-06-01 12:15:42.
This blog will guide you through all the fundamental concepts surrounding decryption as well as explore its types, advantages, applications, and more. Let’s start!
- What is Decryption?
- Why is Decryption necessary?
- Types of Decryption
- How does Decryption work?
- Advantages and Disadvantages of Decryption
- Encryption and Decryption
- Conclusion
Decryption can be achieved automatically or manually and through a variety of codes or passwords. But first, let’s understand what decryption is.
Decryption is the transformation of data that has been encrypted and rendered unreadable back to its unencrypted form. The garbled data is extracted by the system and converted and transformed into texts and images that are easily understandable by the reader as well as the system. Simply put, decryption is essentially the reverse of encryption, which requires coding data to make it unreadable, but the matching decryption keys can make it readable.
The recipients must have the right decryption or decoding tools to access the original details. Decryption is performed using the best decryption software, unique keys, codes, or passwords. The original file can be in the form of text files, images, e-mail messages, user data, and directories.
The original format is called plaintext while the unreadable format is referred to as ciphertext. Parties use an encryption scheme called an algorithm and keys for encryption and decryption of messages in a private conversation. The decryption algorithm is also known as a cipher.
Get 100% Hike!
Master Most in Demand Skills Now !
Why is Decryption necessary?
One of the primary reasons for having an encryption-decryption system in place is privacy. Information over the World Wide Web is subject to scrutiny and access from unauthorized users. Therefore, the data is encrypted to prevent data theft.
Here are some significant reasons why decryption is used:
- It helps secure sensitive information like login credentials like usernames and passwords.
- Provides confidentiality to private data.
- It helps ensure that the record or file remains unchanged.
- It avoids plagiarism and protects IP.
- It is beneficial for network communications like the internet where a hacker can gain access to unencrypted data.
- It lets one protect their data safely without the fear of someone else accessing it.
The person who is responsible for data decryption receives a prompt or window for a password to be entered to gain access to the encrypted information.
Primarily, the continuous development of algorithms for substantial encryption is for the intelligence and law enforcement specialists. It is an arms race in computation. Furthermore, organizations that need to deal with digital security examinations or recover lost passwords have a similar requirement.
Additionally, the use of the most advanced forms of decryption makes extensive computation requirements inevitable, which will result in further need for decryption.
The federal agencies and ISVs employ in-house decryption or steganographic algorithms to provide turnkey networks that can offer decryption on multiple computers across an entire company.
Enroll in Intellipaat’s Cyber Security course and learn under seasoned experts.
Types of Decryption
A single algorithm is used to encrypt and decrypt a pair of keys. Each of these keys gets used for encryption and decryption. Let’s take a look at some of the common types of decryption algorithms that are used.
- Triple DES
When hackers gradually learned to get past the Data Encryption Standard (DES) algorithm, Triple DES was introduced to replace it. It utilizes three single 56-bit keys each. It phased out eventually, but despite that, Triple DES still offers secure encryption and decryption solutions for hardware across various industries.
- RSA
RSA is a public-key encryption-decryption algorithm. It is a standard for data encryption and is also one of the approaches that are used in PGP and GPG programs. RSA decryption is considered to have an asymmetric algorithm because it uses a pair of keys, unlike Triple DES. The public key is used to encrypt the message, while the private key is used to decrypt it.
- Blowfish
Blowfish was also developed to replace DES. The messages are broken into 64-bit blocks by this symmetric cipher and encrypted individually. Blowfish delivers incredible speed and overall undefeated performance. Vendors have utilized its free availability well in the public domain.
- Twofish
Twofish is the successor of Blowfish. The key length used for this algorithm can be up to 256 bits and only one key can suffice as a symmetrical technique. Twofish is one of the fastest of its kind that is suitable for both software and hardware environments. Like Blowfish, Twofish is also free for use by anyone who wants to use it.
- AES
While AES is highly efficient in its 128-bit form, it is also able to utilize 192 and 256-bit keys for the purpose of more heavy-duty data encryption. It is believed to be resistant to all attacks, excluding brute force that decodes messages using all combinations of 128, 192, or 256-bit cryptosystems. Cyber security experts claim that it can be a de facto standard for data encryption.
Learn all about Cryptography from this video.
How does Decryption work?
To understand how decryption typically works, let’s consider the case of a Veeam backup. When trying to recover information from a Veeam backup, an encrypted backup file and Replication will perform decryption automatically in the backdrop or will require a key.
In case an encryption password is required to gain access to the backup file, if the Replication configuration database and Veeam backup is accessible, the key is no longer necessary. The passwords from the database are required to open the backup file. The information is accessible in the backdrop, and data recovery is not much different from that of the unencrypted data.
Automated information is can be accessed if the following requirements are met:
- The backup file should be encrypted on a similar backup server that uses the similar Replication configuration database & Veeam backup.
- The backup file should not be excluded from the Replication console & Veeam backup.
- If encryption passwords are not accessible from the Replication configuration database & Veeam backup, a key is required to gain access to the encrypted file.
- Once information is accessible from the origin side, all the subsequent data is conveyed back from the destination point. As a result, information capture can be avoided as the encryption passwords are not transferred back from the origin point.
The following process displays the VeeamZIP tasks, backup, and backup copy procedures.
Import a file into the backup server. Replication & Veeam Backup will send a notification that the file is encrypted and requires a key. The key needs to be inputted. Even if the password is changed multiple times or just one time, the key should be mentioned in a subsequent manner:
- To import a .vbm file, the current key that was used to encrypt the file within the backup chain should be mentioned.
- To import an entire backup file, the complete collection of keys used to encrypt files in the backup chain is required.
Replication and Veeam Backup examines the password that is submitted and generates the user key based on the password. With the access of the user key, Replication & Veeam backup starts decryption:
- Replication & Veeam Backup employs the user key to decrypt the storage key
- The storage contains the principal session keys and a meta key
- The session key decrypts data blocks
- Eventually, the encrypted file can be opened
Take into account that the steps till the use of session key are required if a file decrypted on a backup server is different from the encrypted file in the backup server.
Advantages and Disadvantages of Decryption
While the reason for using decryption may vary, adequate protection is one of the key advantages and purposes that it serves. The organization can have smooth management with the help of decryption. Cyber security professionals use this method to prevent the exfiltration of confidential information.
The primary concern with decryption, however, is the matter of data privacy. Decryption operates on the risk of separating an essential part of the workforce. Take the example of an employee who by chance logged into their email or bank account. This might, at any time, trigger a firewall incident if keywords are inadequately selected.
Hence, privacy for end consumers is renounced when decryption is underway. An innocent employee with no intention of exposing sensitive organizational data might find their network traffic observed as a result of triggering the firewall involuntarily.
Encryption and Decryption
Let’s quickly take a look at the difference between encrypted and decryption from the following comparison table.
| Parameter | Encryption | Decryption |
| Definition | The process of converting normal data into an unreadable format to avoid unauthorized access to sensitive data. | The process of converting the unreadable/encrypted data into its original form so that authorized users can read it. |
| Process | Whenever data is transferred between two separate machines, it is automatically encrypted using a secret key. | The receiver of the data automatically converts the encrypted data to its original form. |
| Location of Conversion | The user who is sending the encrypted data to the destination. | The user who receives the encrypted data and converts it. |
| Example | Sending sensitive documents to a user. | Receiving the encrypted documents from the source and decrypting it to read it. |
| Use of Algorithm | The encryption-decryption process uses the same algorithm with the same key. | A single algorithm is used for encryption and decryption is done with a pair of keys where each of them is used for encryption and decryption. |
| Primary Function | Converting decipherable messages into an incomprehensible form so that it can not be interpreted | Converting an obscure message into a decipherable form that is understandable by humans |
Conclusion
Today, we have learned what decryption is, how to decrypt a file, as well as its applications. Both encryption and decryption are the two key functionalities in cryptography, which is used to secure and protect data during communication. Any user receiving an essential encrypted document from someone will require decryption to make it readable.
Make sure to visit the Cyber Security Community at Intellipaat.