Encryption is used in our everyday life without us realizing it. It protects data from unauthorized access, especially when it is sent over the internet. Basically what happens is your data (called plain text) is transformed into cipher text (encrypted data which can not be understood unless you have the decryption key) by an encryption key, sent over and then decrypted back to plain text when it has reached its destination. Nowadays, our computer systems make up encryption keys just as the data is being sent and these usually consist of complex mathematical algorithms, but it doesn’t always have to be that hard.
For example, a Caesar cipher (a.k.a. shift cipher)
Image Credit : Caesar Cipher by Benjamin Fischet, Found on http://donpiorsuerte.files.wordpress.com/2010/05/caesar.png
Here, each letter of the message is changed to another letter. It’s a very simple example of encrypting a text and is not used in our data encryption by computers nowadays.
Secret Key Encryption a.k.a symmetric key encryption or single key encryption
Caesar Cipher is also an example of this, where the encryption key is the decryption key. While still useful, it has to be used with extreme care as the keys have to be kept secret.
Public Key Encryption a.k.a. Asymmetric key encryption
A solution to this is to use public key encryption. This uses a pair of keys instead of just one. A Public Key is used only for encryption and anyone can have access to this, and data is decrypted with the private key which only a handful of authorised personnel has.
Image Credit : E-mail Security using public Key Cryptography at http://www.akadia.com
Digital Signing and Certificate
However a problem of authenticity still remains in the equation. This is where digital signing and certificate comes in.
a Digital Certificate is used to authenticate the sender of a message so whenever the sender sends a message, it is digitally signed using his/her private key.
A Certificate Authority is used to verify the owner of the public key. This is usually issued by authorities to companies and organisations after checking their identity.