-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Tip ST04-019
Understanding Encryption
Encrypting data is a good way to protect sensitive information. It
ensures that the data can only be read by the person who is authorized
to have access to it.
What is encryption?
In very basic terms, encryption is a way to send a message in code.
The only person who can decode the message is the person with the
correct key; to anyone else, the message looks like a random series of
letters, numbers, and characters.
Encryption is especially important if you are trying to send sensitive
information that other people should not be able to access. Because
email messages are sent over the internet and might be intercepted by
an attacker, it is important to add an additional layer of security to
sensitive information.
How is it different from digital signatures?
Like digital signatures, public-key encryption utilizes software such
as PGP, converts information with mathematical algorithms, and relies
on public and private keys, but there are differences:
* The purpose of encryption is confidentiality--concealing the
content of the message by translating it into a code. The purpose
of digital signatures is integrity and authenticity--verifying the
sender of a message and indicating that the content has not been
changed. Although encryption and digital signatures can be used
independently, you can also sign an encrypted message.
* When you sign a message, you use your private key, and anybody who
has your public key can verify that the signature is valid (see
Understanding Digital Signatures for more information). When you
encrypt a message, you use the public key for the person you're
sending it to, and his or her private key is used to decrypt the
message. Because people should keep their private keys
confidential and should protect them with passwords, the intended
recipient should be the only one who is able to view the
information.
How does encryption work?
1. Obtain the public key for the person you want to be able to read
the information. If you get the key from a public key ring,
contact the person directly to confirm that the series of letters
and numbers associated with the key is the correct fingerprint.
2. Encrypt the email message using their public key. Most email
clients have a feature to easily perform this task.
3. When the person receives the message, he or she will be able to
decrypt it.
_________________________________________________________________
Authors: Mindi McDowell
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-019.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRvquZvRFkHkM87XOAQIMxggAl8iTFJqMEEEyrGZsV/p+m97s5ojWtiub
Eg4BT95cAeG8fwfuevbcfR5gjM2/u2/Pa4RQkWlRXLKdVDEvgZd6pcGx8TUFqteJ
qjCFmCE5Z7Wl1jCxp3iQCHYDqTtfO8nI7/6DLF7vwVLoeMf7PF+H6Rw3lLjCME8f
tE5OWS9+JXAqzzPq0ipsmLoRMMkhmhtJfFuAD9oJY/z2SktIG9Roq6nH8zF1o/jI
ioJzgUkLBgeZnJkOmcJJx6bDFqi3ta2IUAFVXV4gNG84OFKtBbPsitcGqLGbRwtP
XY2GIdvigbqaW4s9z0Noe+/5Gdwxs3IxCS0TPOzj04Lpj5jRJSDPZA==
=U7Ev
-----END PGP SIGNATURE-----
