
Encryption software uses digital cryptography to prevent unauthorized access to digital information and is used to protect information stored on computers as well as that which is sent over the Internet.

Encryption refers to a method of encoding information in such a way that only authorized people are able to read or use it. While encryption does not deny access to the encrypted file, it renders the content unintelligible to unauthorized interceptors. While encryption techniques have been in use for centuries, long before the invention of computers, digital encryption generally uses a pseudo-random encryption key generated by an algorithm, the idea being that a digital key is necessary in order to decrypt the message.

Encryption capabilities are part of several software products, including email systems, but the focus of this category is on software products designed primarily for encryption, although they may have other functions as well.

Software encryption uses a cipher, which is an algorithm for performing encryption and decryption. Text that has been encrypted is known as ciphertext. It is a form of the original text that has been made unreadable to a human or computer without the proper decryption key or cipher. Decryption is the process of turning ciphertext into readable plain text.

Ciphertext is similar to codetext, but they are not synonymous. Although cipher and code are often used interchangeably, a cipher is an encryption system that is used to replace letters of a word so that only the person who is aware of the system used for encryption is able to understand the message, while a code is a method of replacing a word or phrase with another word, phrase, or symbol, but for the same purpose.

There are two types of ciphers: public key (asymmetric) ciphers and symmetric key ciphers. Encryption software may be based on either of these forms. Symmetric key ciphers can be further divided into stream ciphers and block ciphers. Stream ciphers encrypt plain text a bit or a byte at a time and are generally used to encrypt real-time communications, such as audio or video, while block ciphers split the plain text into fixed-size blocks, encrypting one block at a time.

Another way in which encryption software can be classified is by purpose, divided between data in transit encryption and data at rest encryption.

Data at rest refers to that which has been saved to a disk or another type of persistent storage. This type of encryption usually uses a symmetric key, although there are varying methods of doing so. Encryption might be configured at the disk layer, on a partition, a volume, at the layer of the file system, or within user space applications like a database or application.

With full disk encryption, the whole disk is encrypted, except for the small bits required to boot or access the disk when not using an unencrypted boot. Because disks can be partitioned into multiple partitions, partition encryption is sometimes used to encrypt individual partitions. Volumes are created by combining two or more partitions, which may be encrypted through volume encryption. Also made up of one or more partitions, file systems can be encrypted through filesystem-level encryption. A directory is considered to have been encrypted when the files within the directory are encrypted, while file encryption encrypts a single file. With database encryption, information is written to persistent storage only after the data to be stored has been encrypted.

Tools have been developed for cases where data at rest must be transmitted over something other than a secure connection. These rely on the receiver publishing their encryption key, and the sender being able to obtain the key. The sender then creates a symmetric key to encrypt the information and uses the receiver's public key to securely protect the transmission of the information and the key. Pretty Good Privacy (PGP), now a Symantec product, is an example of this type of encryption.

Data in transit refers to that sent over a network, such as the Internet, where confidential information might be vulnerable to unauthorized access while between the two endpoints. To protect the data being sent, confidential information can be encrypted to ensure confidentiality, integrity, and validity.

Often, data in transit is between two entities that do not know one another. In order to establish a relationship and share an encryption key, a set of policies and procedures is established and referred to as the public key infrastructure (PKI). Once PKI has established a secure connection, a symmetric key can be shared between the two endpoints. Software that uses this type of encryption includes Secure Email, Secure Shell, SSH File Transfer, and web communication through HTTPS.

Regardless of the purpose or method of encryption used, the focus of this category is on encryption software.


