US-CERT Cyber Security Tip ST04-019 -- Understanding Encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                       National Cyber Alert System
                       Cyber Security Tip ST04-019

Understanding Encryption

   Encrypting data is a good way to protect sensitive information. It
   ensures that the data can only be read by the person who is authorized
   to have access to it.

What is encryption?

   In  very  basic  terms, encryption is a way to send a message in code.
   The  only  person  who  can  decode the message is the person with the
   correct key; to anyone else, the message looks like a random series of
   letters, numbers, and characters.

   Encryption is especially important if you are trying to send sensitive
   information  that  other  people should not be able to access. Because
   email  messages are sent over the internet and might be intercepted by
   an attacker, it is important to add an additional layer of security to
   sensitive information.

How is it different from digital signatures?

   Like  digital signatures, public-key encryption utilizes software such
   as  PGP, converts information with mathematical algorithms, and relies
   on public and private keys, but there are differences:
     * The  purpose  of  encryption  is  confidentiality--concealing  the
       content  of the message by translating it into a code. The purpose
       of digital signatures is integrity and authenticity--verifying the
       sender  of  a message and indicating that the content has not been
       changed.  Although  encryption  and digital signatures can be used
       independently, you can also sign an encrypted message.
     * When you sign a message, you use your private key, and anybody who
       has  your  public  key can verify that the signature is valid (see
       Understanding  Digital  Signatures for more information). When you
       encrypt  a  message,  you use the public key for the person you're
       sending  it  to, and his or her private key is used to decrypt the
       message.   Because   people   should   keep   their  private  keys
       confidential  and should protect them with passwords, the intended
       recipient  should  be  the  only  one  who  is  able  to  view the
       information.

How does encryption work?

    1. Obtain  the  public key for the person you want to be able to read
       the  information.  If  you  get  the  key  from a public key ring,
       contact  the person directly to confirm that the series of letters
       and numbers associated with the key is the correct fingerprint.
    2. Encrypt  the  email  message  using  their  public key. Most email
       clients have a feature to easily perform this task.
    3. When  the  person  receives the message, he or she will be able to
       decrypt it.
     _________________________________________________________________

    Authors: Mindi McDowell
     _________________________________________________________________

    Produced 2007 by US-CERT, a government organization.

    Note: This tip was previously published and is being re-distributed 
    to increase awareness. 
  
    Terms of use
 
    <http://www.us-cert.gov/legal.html>
  
    This document can also be found at
 
    <http://www.us-cert.gov/cas/tips/ST04-019.html>
 

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRvquZvRFkHkM87XOAQIMxggAl8iTFJqMEEEyrGZsV/p+m97s5ojWtiub
Eg4BT95cAeG8fwfuevbcfR5gjM2/u2/Pa4RQkWlRXLKdVDEvgZd6pcGx8TUFqteJ
qjCFmCE5Z7Wl1jCxp3iQCHYDqTtfO8nI7/6DLF7vwVLoeMf7PF+H6Rw3lLjCME8f
tE5OWS9+JXAqzzPq0ipsmLoRMMkhmhtJfFuAD9oJY/z2SktIG9Roq6nH8zF1o/jI
ioJzgUkLBgeZnJkOmcJJx6bDFqi3ta2IUAFVXV4gNG84OFKtBbPsitcGqLGbRwtP
XY2GIdvigbqaW4s9z0Noe+/5Gdwxs3IxCS0TPOzj04Lpj5jRJSDPZA==
=U7Ev
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux