Encryption for Dummies
This is a short, informal introduction to encryption. It is intended for people who don't want to be encryption experts but who want to understand how it works.
If you're a web admin or a programmer, you shouldn't be reading this. You need to know how encryption actually works.
Contents
What is encryption and cryptography?
"Cryptos" comes from Greek and means "to hide".
"Encryption" means to make something hidden so others can't see it (but the people you want to see it can.)
There is also the topic of digital signatures, which proves that someone signed something using similar techniques. We'll talk about that too since it is related.
Encryption Algorithms
An algorithm is simply a mathematical recipe. Just like the recipes in cookbooks, it tells you what mathematical steps you need to take to do something.
Encryption algorithms are recipes that allow you to encrypt things. The same algorithms are also used to create signatures.
An example of a really bad algorithm is "rot13". Rot13 says to replace all the a's with n's, b's with o's, etc... This is a really easy encryption algorithms kids use but it's very easy to figure out and decode messages even if you don't know rot13 is being used.
Modern Encryption Algorithms
There are a lot of algorithms out there. Right now, you would probably want to use an SHA algorithm, something with a high number at the end. If you dig deep into this topic, you can learn more about why certain algorithms are better or worse than others.
The modern encryption algorithms work by using key pairs. A key is just a really, really big number. Using the algorithm and a private key, you can encrypt any kind of message and send it to your friends. If you give them your public key, they can decrypt it. Or, you can use your friend's public key and encrypt the message and they can decrypt that with their private key.
What makes a private key private is that you don't share it with anyone. Don't copy it to thumbdrive, don't upload it to the internet, don't store it in Dropbox. Never, ever, ever copy it, and never let anyone else but yourself look at it, not your wife, not your mother, not even Aunt Mae.
The public key is shared with everyone. The more people who have it the better.
You can make new private and public key pairs whenever you want to. Just make sure to share the public key with your friends and make sure to keep the private key hidden.
When someone is able to access your private key, your friends should no longer use the public key. Make a new private key and pass out to public key to them again.
How SSL / HTTPS Works
With all these keys flying around, how can you tell which keys belong to who?
Thankfully, there is a solution to this problem. This is called trust.
In your web browser, you have a list of public keys for some companies whose job it is to keep their private key private and to verify the identity of other websites and their owners and keep track of their public keys.
When you access a website with SSL or HTTPS, the first thing that happens is your computer asks their servers for proof that they are the right server. The other computer produces a certificate that says who verified their identity. Your computer checks that the signature matches with one of the public keys on your computer, and if it does, then everything checks out. If not, then your computer will tell you that there is a problem and will refuse to visit the website.
This technology is rather complicated, but that's all there is to it.
