LawPay Mercer Health & Benefits Administration LLC



Decrypting Encryption: Gaining Competence on Encryption for Your Practice

By Dave Ries and John Simek

Encryption is the conversion of data from a readable form, called plaintext, into a form, called ciphertext that cannot be easily understood by unauthorized people.

Decryption is the process of converting encrypted data back into its original form (plaintext), so it can be understood.

Encryption can protect stored data (on servers, desktops, laptops, tablets, smartphones, portable devices, etc.) and transmitted data (over wired and wireless networks, including the Internet and e-mail).

Encryption uses a mathematical formula to convert the readable plaintext into unreadable ciphertext. The mathematical formula is an algorithm (called a cipher). Decryption is the reverse process that uses the same algorithm to transform the unreadable ciphertext back to readable plaintext. The algorithms are built into encryption programs – users don’t have to deal with them when they are using encryption.

This graphic shows the basic steps:

Encryption keys are used to implement encryption for a specific user or users. A key generator that works with the selected encryption algorithm is used to generate a unique key or keys for the user(s). A key is just a line or set of data that is used with the algorithm to encrypt and decrypt the data. Protection is provided by use of the algorithm with the unique key or keys.

The process is called secret key or symmetric key encryption where the same key is used with an algorithm to both encrypt and decrypt the data. With secret key encryption, it is critical to protect the security of the key because it can be used by anyone with access to it to decrypt the data.

Where a key pair is used, one to encrypt the data and a second one to decrypt the data, the process is called asymmetric encryption. For this kind of encryption, a key generator is used to generate a unique key pair, one for encryption (a public key) and the other for decryption (a private key). With key pairs, it is critical to protect the private decryption key since anyone with access to it can decrypt the data.

Here is an example of a secret key for a commonly used algorithm called the Advanced Encryption Standard-256 (AES-256) algorithm. The same key is used to both encrypt and decrypt the data.


Example AES-256 Key

Let’s look at a simple example of its application. A short line of readable plaintext, “This is an encryption demo,” becomes unreadable ciphertext when this key is used with the algorithm in an encryption program.

Simple Example of Encryption

The same key must be used with the algorithm in an encryption program to convert the ciphertext back to readable plaintext.

Simple Example of Decryption

Symmetric key encryption is frequently used to protect data stored on servers, laptops, portable media, etc. The key is frequently used and stored on a single computer or mobile device where providing the key to someone at a remote location is not necessary. It is difficult to use symmetric key encryption for communications because it is a challenge to securely share the key with the recipient.

Fortunately, users don’t have to deal with keys during everyday use of encryption. When they log on with the correct password or passphrase, the program automatically accesses the key to decrypt the data. When they log off or shut down, the data is automatically encrypted.

Reprinted with Permission. All rights reserved.  This information or any or portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.