A. Encryption - the basics.

A.1. Symmetric encryption

Symmetric encryption consists of two parts: an algorithm and a password.

Encryption and decrytion is based on the same password. This means that both the transmitter and the receiver need to know the password. No need to tell that the big issue with this kind of encryption is the way how you transmit your password to the receiver...
The algorithms used for this kind of encryption (DES, Triple DES, IDEA, Blowfish, RC2, AES,...) are pretty fast, though.

Original message --> algorithm + password --> encrypted message -*-*-*-*-*-*-*- encrypted message --> password + reversed algorithm --> Original message

A.2. Public key-encryption

In the 70's, Rivest, Shamir and Adleman (RSA) invented public key-encryption.

Public key-encryption consistes of two parts: a public and a private key.

The principle: the public and the private key are assymetric: a message you encrypt with the public key, can only be decrypted with the private key (and the other way around).
Your correspondents use your public key to decrypt data, and you're the only one who can decrypt that data with your private key.

Original message --> public key + algorithm --> encrypted message -*-*-*-*-*-*-*- encrypted message --> algoritm + private key --> original message.

This system is considered safe, as long as you keep the private key to yourself...
There's a downside though: the algorithms used for public key-encryption take a lot of CPU-power. That's why most people only use this technique to transfer a password for symmetric encryption. The rest of the transmission is based on symmetric encryption then...

Some other issues: you need a database (which can be hacked!) to store all of the public keys, and you need a mechanism to block keys - in case something goes wrong.

B. Public key-encryption put into practice.

B.1. Public Key-encryption: Pretty Good Privacy.

Pretty Good Privacy, indeed: the keys used by PGP are considered unbreakable at this time...

PGP is based on a network from 'trusts': every time you make a new pair of keys, you send your public key to a central database. In this database, you can of course also find the public keys from your correspondents. Every time you can decode someone's mail, that proves that your correspondent has used your private key. You can then ask your correspondent to digitally sign that key. This way, there's a guarantee that your public key in the PGP-database is the correct one. When a key is signed by people you trust, you know you can also trust their keys --> a network of trusts...

B.2. Public Key-encryption: Secure MIME.

S/Mime is an extension of the e-mail-protocol. You need a digital certificate for this one, and you need to pay for it

C. Virtual Private Network: VPN

VPN is based on the encryption from all networktraffic from and to your computer (instead of encrypting the message, you encrypt the traffic).
The L2TP-protocol (Layer 2 Tunneling Protocol) and Microsofts PPTP (Point-to-Point Tunneling Protocol) are well-known VPN applications, though both are more often replaced nowadays by the new IPSEC (Internet Protocol Security)-protocol. IPSEC will be part of IPv6, btw.


- RSA's Secure MIME
- Network Associates' PGP Freeware for Windows
- PGP Homepage
- IPv6