US-CERT Cyber Security Tip ST04-019 -- Understanding Encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

			Cyber Security Tip ST04-019
                          Understanding Encryption

   Encrypting data is a good way to protect sensitive information. It
   ensures that the data can only be read by the person who is authorized
   to have access to it.

What is encryption?

   In very basic terms, encryption is a way to send a message in code.
   The only person who can decode the message is the person with the
   correct key; to anyone else, the message looks like a random series of
   letters, numbers, and characters.

   Encryption is especially important if you are trying to send sensitive
   information that other people should not be able to access. Because
   email messages are sent over the internet and might be intercepted by
   an attacker, it is important to add an additional layer of security to
   sensitive information.

How is it different from digital signatures?

   Like digital signatures, public-key encryption utilizes software such
   as PGP, converts information with mathematical algorithms, and relies
   on public and private keys, but there are differences:

     * The purpose of encryption is confidentiality--concealing the
       content of the message by translating it into a code. The purpose
       of digital signatures is integrity and authenticity--verifying the
       sender of a message and indicating that the content has not been
       changed. Although encryption and digital signatures can be used
       independently, you can also sign an encrypted message.

     * When you sign a message, you use your private key, and anybody who
       has your public key can verify that the signature is valid (see
       Understanding Digital Signatures for more information). When you
       encrypt a message, you use the public key for the person you're
       sending it to, and his or her private key is used to decrypt the
       message. Because people should keep their private keys
       confidential and should protect them with passwords, the intended
       recipient should be the only one who is able to view the
       information.

How does encryption work?

    1. Obtain the public key for the person you want to be able to read
       the information. If you get the key from a public key ring,
       contact the person directly to confirm the fingerprint.

    2. Encrypt the email message using their public key. Most email
       clients have a feature to easily perform this task.

    3. When the person receives the message, he or she will be able to
       decrypt it.
  _________________________________________________________________

   Authors: Mindi McDowell
  _________________________________________________________________
 
  This document can also be found at

   <http://www.us-cert.gov/cas/tips/ST04-019.html>

   Copyright 2004 Carnegie Mellon University

   Terms of use

   <http://www.us-cert.gov/legal.html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQWQ0ShhoSezw4YfQAQIztAgAimWlh13vuh5gxTAkNoGSWJkywtdS9gNv
Mu9v5Nz5UrNoNLcpaA5gr4MV8l/qMDPzQ8h/arBXz6Ls9jD5yA64I3Cwxph+KJJw
ZzZhw/UDONMt3egUFIU94Iv+y+lanz78/q/CzPGv3WkuFPgDuKQGEFyxxOpzsmcG
BWl4GFIaypLw9AJPnvNrMaMxDsxdGaZ8/sSl/jB+S+J9igc+ehdGGwi43g5foYdg
i0xKhi9MGAUl+O1hYifdbhYGRlP6hB+eHHOJ5gvY8pSbJ/lfcln/TAaHw3OFPtGe
TQc2nDguEJgK1XnDbtXcKpWPL0yZEuV81qKZIOEyCI3txl9qvOSFgg==
=eT68
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux