Ever wondered how some websites assure their users that their data is protected? They often use the term encrypted data. But what does that mean?
To understand this term, we need to understand Encryption first.
Encryption is the process of encoding data into a non-readable form (a practice often called cryptography) so that it can be sent to another user over the internet. That user decodes it at their end & recovers the actual information that was sent.
Say we want to send “Hello” to a user over the internet. Instead of sending “Hello” directly, we first apply an encoding algorithm to the data to turn it into a non-readable form, say:
“Hello” => “NhgutFGVhjvtV”
And then we will send this data to the other user sitting on the other end.
But why do we need to do such encryption?
Because there could be many people sitting in the middle, capturing your data from the internet line you are using. Imagine a third person getting hold of some private information, say a credit card number. So, we use encryption to send data over the internet.
Now the question arises: how can the end user receiving the data decrypt it while the third person sitting in the middle cannot?
To understand this, we can think of data as a letter & encryption as a briefcase in which we put the letter to be sent to the user. To lock or unlock the briefcase, we need a key.
NOTE: Since encryption happens on a digital medium, the key is also in digital format: a sequence of characters & digits.
Let’s say Bob wants to send a message to Martha. Bob writes a letter, puts it in a briefcase, locks it & sends the briefcase to Martha. But for Martha to unlock the briefcase, she also needs the key. So how does the key get to Martha?
Here come two different concepts:
- Symmetric Encryption
- Asymmetric Encryption
Think of these as two ways of getting the key to the other user.
To continue the case of Martha receiving Bob’s locked briefcase: she needs a key.
With Symmetric Encryption, Bob also sends the key to Martha so she can decode the data. When Martha receives the key, she can unlock the briefcase & read the information sent by Bob.
But the same question comes up again: if a third person can obtain the encrypted data, why couldn’t they obtain the key as well?
This is an issue with symmetric encryption & is overcome by Asymmetric Encryption.
Consider the same use case where Bob has to send Martha some information locked in a briefcase. But the scenario is a bit different here. The key used to lock the briefcase is available over the internet, and anyone can pick up someone’s key, encrypt some data with it & send that data to them.
Here comes the concept of different types of keys:
- Public Key
- Private Key
The key available to everyone, as described above, is the public key (as the name suggests, it is public).
Now if Bob wants to send some information to Martha, he finds Martha’s public key & uses it to lock the info in the briefcase, which he then sends to Martha.
On the other end, Martha will have her own private key that she can use to unlock the briefcase.
Note that only Martha has the private key. This key is not sent anywhere and is kept secure by Martha.
Martha will use her private key to unlock the briefcase (or decrypt the information sent by Bob). This is the private key, & the process of turning the non-readable information sent by Bob back into readable form is called Decryption.
NOTE: The encryption & decryption logic and the way private & public keys are used to encrypt & decrypt data involve complex algorithms & mathematical operations that are beyond the scope of this article.
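The Bob-and-Martha exchange above, as an added example that is not part of the original article: a toy version of RSA, one well-known asymmetric algorithm, using only Python's standard library. The function names, the fixed primes and the missing padding are assumptions made for illustration; a key this small is not secure, and real systems use a vetted library with randomly generated keys.

```python
# Added illustration: textbook RSA with fixed primes and no padding.
# Fine for seeing the idea; real systems use a vetted library, randomly
# generated keys of 2048 bits or more and a padding scheme such as OAEP.
from math import gcd


def make_keypair(p, q, e=65537):
    """Build (public_key, private_key) from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent (needs Python 3.8+)
    return (n, e), (n, d)


def text_to_int(text):
    return int.from_bytes(text.encode("utf-8"), "big")


def int_to_text(number):
    return number.to_bytes((number.bit_length() + 7) // 8, "big").decode("utf-8")


def apply_key(number, key):
    """Locking and unlocking are the same operation with different keys."""
    n, exponent = key
    if not 0 <= number < n:
        raise ValueError("value does not fit under this key's modulus")
    return pow(number, exponent, n)


# Martha's key pair (constructed: two known Mersenne primes stand in for random ones).
MARTHA_PUBLIC, MARTHA_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)


def send_hello():
    """Bob locks with the public key; Martha unlocks with the private key."""
    message = text_to_int("Hello")
    ciphertext = apply_key(message, MARTHA_PUBLIC)  # Bob's side
    opened_by_martha = int_to_text(apply_key(ciphertext, MARTHA_PRIVATE))
    # A third person holding the ciphertext tries the public key again.
    opened_by_third_person = apply_key(ciphertext, MARTHA_PUBLIC) == message
    return ciphertext, opened_by_martha, opened_by_third_person


if __name__ == "__main__":
    print(send_hello())
```

The public key that locked the message does not unlock it; only the matching private key, which never leaves Martha, recovers “Hello”.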