-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST04-019
Understanding Encryption
Encrypting data is a good way to protect sensitive information. It ensures
that the data can only be read by the person who is authorized to have
access to it.
What is encryption?
In very basic terms, encryption is a way to send a message in code. The only
person who can decode the message is the person with the correct key; to
anyone else, the message looks like a random series of letters, numbers, and
characters.
Encryption is especially important if you are trying to send sensitive
information that other people should not be able to access. Because email
messages are sent over the internet and might be intercepted by an attacker,
it is important to add an additional layer of security to sensitive
information.
How is it different from digital signatures?
Like digital signatures, public-key encryption utilizes software such as
PGP, converts information with mathematical algorithms, and relies on public
and private keys, but there are differences:
* The purpose of encryption is confidentialityâ??concealing the content of
the message by translating it into a code. The purpose of digital
signatures is integrity and authenticityâ??verifying the sender of a
message and indicating that the content has not been changed. Although
encryption and digital signatures can be used independently, you can
also sign an encrypted message.
* When you sign a message, you use your private key, and anybody who has
your public key can verify that the signature is valid (see
Understanding Digital Signatures for more information). When you encrypt
a message, you use the public key for the person you're sending it to,
and his or her private key is used to decrypt the message. Because
people should keep their private keys confidential and should protect
them with passwords, the intended recipient should be the only one who
is able to view the information.
How does encryption work?
1. Obtain the public key for the person you want to be able to read the
information. If you get the key from a public key ring, contact the
person directly to confirm that the series of letters and numbers
associated with the key is the correct fingerprint.
2. Encrypt the email message using their public key. Most email clients
have a feature to easily perform this task.
3. When the person receives the message, he or she will be able to decrypt
it.
_________________________________________________________________
Authors: Mindi McDowell
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.
Note: This tip was previously published and is being
re-distributed to increase awareness.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST04-019.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit
http://www.us-cert.gov/cas/signup.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS08zWducaIvSvh1ZAQJE8Af/SyrtRBxq/tkARg+tZxERpW96kZW1gWI4
MoeRYBXkRE22168bUpCX0BpjPCjNpJflH4RIov8tGt70U4v/wzJNonta3huCgwmJ
t/cg/+YSfwlnQTG1KgqoBou+TGNWMVCuGTkWOjZ2t4YYJ8tnMaXiHwfWwytaoJ6H
eC2Se+1CoZSk+x2BfbpJe3gJYWsbz8W57j7TkbiclpCADU1J2lSj4Fp4zZvCvsFn
EuS9Br3669EK5EZW4NnAPWWs4zkSXFGan+G66snZJwtZidSxX3cDIg0NVdVe+qcR
OxRDbzBFWOlzrCr1ebs/2AmYdYP0koTei7RNJ0X+pvpIvWGiT/qLEQ==
=2MKG
-----END PGP SIGNATURE-----
