# Encryption 101

## What is Encryption?

1. What is an encryption key
1. How are encryption keys generated
2. How often should encryption keys be changed
3. How encryption keys work
2. What is encryption used for
3. Types of encryption
1. Asymmetric encryption
1. Types of asymmetric algorithm
2. Symmetric encryption
1. Types of symmetric algorithm
3. Homomorphic encryption
4. How encryption works
5. Why is encryption important?
6. How does encryption secure?
7. End-to-end encryption
8. What happens if encryption is done wrong
9. GlobalSign’s encryption products

## What is encryption?

Have you ever experienced sending a message to the wrong recipient? While this may be harmless at the individual level, data that organizations deal with is often sensitive. Information in the hands of the wrong recipient can cause harm. Encryption can be very useful for this.

Encryption is a method by which data is scrambled and converted into a code, that only the correct parties who have the decryption key may read or understand. On the technical aspect, encryption is the process of converting plaintext to unreadable cipher through complex algorithms.

## What is an encryption key?

To ‘lock’ (encrypt) and ‘unlock’ (decrypt) the secret codes in encryption, it is necessary for the sender and receiver to have a key. An encryption key is a random string of bits created to scramble and unscramble data. Like actual keys, data that leaves the sender is locked, and can only be unlocked by a receiver who has the correct key.

• ### How encryption keys are generated

Encryption keys are generated with algorithms that ensure every key is unique and unpredictable, making the process of encryption secure for both the sender and receiver. Before learning how encryption keys are generated, we must differentiate the two types of algorithms: symmetric algorithm and asymmetric algorithm.

A symmetric algorithm uses a single key that is used for encryption and decryption. This key is generated every session. Depending on the encryption method, single encryption keys are generated using a cryptographic random number generator or a key derivation function.

On the other hand, an asymmetric algorithm involves the generation of a public and a private key. Using the cryptography algorithms like RSA, DSA, and ECC. Asymmetric keys can be used in multiple sessions.

• ### How often should encryption keys be changed?

Rotating keys on a regular basis helps your organization meet industry compliance requirements and be aligned with the best practices in cryptography. As encryption keys can still be cracked by a supercomputer, though will still take some time. Experts from Google recommend an automatic rotation of keys on a regular schedule. An example would be 90 days. This period increases security, while maintaining minimal administrative work for the organization’s IT department.

• ### How encryption keys work

Keys always work by pair. For symmetric algorithm, the same key is used to encrypt and decrypt data. For asymmetric, the public key encrypts the data while the private key that is not shared decrypts the data. Encryption relies on the secrecy of these keys to ensure that the data is only accessible for the intended recipient. The confidentiality of the key is essential in symmetric cryptography, while only the private key must be kept secret in asymmetric cryptography.

## What is encryption used for?

Encryption is used for various purposes that call for confidentiality, as it transforms sensitive data into unreadable codes. Common uses of encryption include data exchange in web browsers, sending secure emails, cash withdrawals in ATMs and bank transactions, online payments, and many other purposes that require data security.

## Types of encryptions

• ### Asymmetric encryption

Also known as Public-key Cryptography, asymmetric encryption makes use of two separate, mathematically connected cryptographic keys to encrypt and decrypt information. These keys are known as the public key for encryption and the private key for decryption. Asymmetric encryption removes the need to share the user’s secret keys, making it secure. However, its use is usually more time-intensive than other encryption types.

• #### Types of asymmetric algorithm

Some examples of asymmetric algorithm are:

• Rivest Shamir Adleman (RSA). This type of asymmetric encryption generates public and private keys together relying on the same large secret prime numbers. The private key is a combination of two large, secret prime numbers, while the public key is the product of these two numbers which is very hard to decode.
• Digital Signature Standard (DSS). The DSS incorporates the Digital Signature Algorithm where the sender’s private key is used to digitally sign information or the message itself, and the recipient uses the sender’s public key to confirm the integrity of the data.
• Elliptical Curve Cryptography (ECC). Like the RSA, ECC uses mathematical curves for encryption. However, key sizes are usually smaller and faster to generate than in RSA.
• ### Symmetric encryption

Unlike asymmetric encryption, symmetric encryption only uses a single cryptographic key to encrypt and decrypt data. The sender ‘locks’ the information using the secret key, and the sender ‘unlocks’ the message upon receiving it. Anyone with the secret key can read the data.

• #### Types of symmetric algorithm

Popular examples of symmetric algorithm are:

• Data Encryption Standard (DES). The DES is now considered a legacy encryption algorithm. This is a block cipher – the cryptographic key and algorithm are applied to a block of data simultaneously by grouping it into 64-bit blocks. While it is insecure for applications, this is very influential in the development of encryption techniques.
• Advanced Encryption Standard (AES). This type of encryption uses block ciphers of 128, 192, or 256 bits to encrypt and decrypt data. AES is one of the most widely used encryption methods as it would take billion years to crack using a supercomputer.
• ### Homomorphic encryption

Like symmetric and asymmetric encryption, homomorphic encryption uses a pair of keys to encrypt and decrypt data. However, what sets it apart is homomorphic encryption allows computation on encrypted data without first decrypting it. Therefore, even when data is processed, the information can remain confidential while being useful to other environments.

## How encryption works

Encryption takes plain text formats like emails or text messages and scrambles them into a format incomprehensible to humans called ciphertext. The sender will decide what cipher will be best in protecting the meaning of the message (symmetric or asymmetric) and using an algorithm. The message is disguised by using the key that will only be decrypted by the receiver who has the corresponding key. Once the correct key is inputted, information is restored to its original form, making the message readable for the correct party.

## Why encryption is important

In today’s processes, confidential data is exchanged every second in devices like ATMs, cellphones, and computers. Without encryption, data is exposed to various cybersecurity threats: hacking, breaches, frauds, financial, and identity thefts. Hackers tend to attack businesses and individuals whose networks are less secure. Through encryption, even when cybercriminals access sensitive information, they will not be able to use it for malicious purposes as the data cannot be read.

## How does encryption secure data?

The encryption techniques that are acceptable in today’s standards are effective against potential attacks. Through transforming data into ciphertext, information becomes very difficult and time-consuming to hack. Decrypting data also requires the decryption key that is extremely hard to obtain without authorized access, making encryption one of the best ways to protect sensitive data.

## End-to-end encryption

Considered the gold standard of securing communication, end-to-end encryption is a method that prevents unwanted parties from accessing data while it is en route to the recipient. Here, encryption happens at a device level, such that only the device of the intended recipient could decrypt data. Files and messages are encrypted before they leave the sender and are not decrypted until they reach the destination. This is made possible by a public-private pair through asymmetric cryptography.

## What happens if encryption is done wrong?

You may be asking: why do organizations get hacked even if their data is encrypted? In a lot of instances, encryption is done wrong. Common causes are having low levels of encryption, using the wrong algorithms, and improper key management.

When encryption is not done properly, your data could be subject to the same risks as unencrypted data, potentially leading to breaches like identity theft, data losses, and financial losses. Your organization could also be fined for incompliance with privacy standards.

This is exactly what happened with the Colonial Pipeline hacking incident last May wherein the pipeline faced a ransomware attack on its IT system. It is likely that this incident started from a phishing attack. The pipeline system decided to shut down their systems to isolate and mitigate the threat, causing fuel flows on the pipeline to temporarily stop.

Later, the company announced that the cyberattack involved ransomware. This hacking incident led the company to face at least two lawsuits: one of which is a lack of a proper cybersecurity program for ransomware. As such, energy operators need to follow industry-specific standards for cybersecurity best practices. In the wake of such a devastating hacking incident, the North American Energy Standards Board (NAESB) re-certified GlobalSign’s Authorized Certificate Authority (ACA) accreditation.

GlobalSign also joined the NAESB Cybersecurity Sub-committee (CSS) to help shape cybersecurity standards that helped develop the Wholesale Electric Quadrant (WEQ) Standards and ACA accreditation requirements.

GlobalSign is ISO New England's preferred Certificate Authority for Digital Certificates that must meet the stringent security standards of the Energy industry. The Company has proven to be of the highest integrity with secure, reliable processes and superior customer service.”

Jamshid Afnan,Vice President of Information Services, New England

## GlobalSign’s encryption products

Various organizations provide encryption solutions that individuals and businesses can use to protect themselves against unwanted access. At GlobalSign, we offer different products that are suitable for what your business needs.

• Secure Email Certificate. These certificates can be used to digitally sign and encrypt your emails, ensuring the privacy of sensitive information, authenticity of sender, and integrity of contents.

• SSL Certificate. (Now known as TLS Certificate) This type of digital certificate authenticates the website’s identity and enables an encrypted connection. GlobalSign ensures that your public servers and sites are in line with industry best practices.

• Digital Signatures. This is the solution you need for digitally signing and encrypting documents. Built for the cloud with flexible integration options so users can sign documents at their convenience. It also meets all major industry regulatory requirements, as well as compliance with eIDAS regulations.

• GMO Sign. This is an all-in-one document signing solution that is simple and easy to use. Sign documents on the fly, send requests for signatures, and manage your documents securely all in one platform.