Skip to main content

5.3 Protecting Stored Data with Cryptography

Topic 5.3: Protecting Stored Data with Cryptography

Cryptography is the science of hiding information to ensure its confidentiality. The core of cryptography is the cryptographic algorithm, a defined mathematical process for encrypting and decrypting data. Encryption is the process of converting readable information, known as plaintext, into an unreadable format called ciphertext. Decryption is the reverse process of converting ciphertext back into plaintext.

This transformation is controlled by a key, which is a piece of information (typically a binary string) used by the algorithm. The security of an encrypted message depends on the secrecy of the key and the strength of the algorithm. The set of all possible keys that can be used with a given algorithm is called the keyspace. A larger keyspace makes it more difficult for an adversary to guess the key through a brute-force attack.

Cryptographic algorithms are classified in several ways. Based on the number of keys they use, they are either:

  • Symmetric: These algorithms use a single, shared key for both encryption and decryption. Both the sender and receiver must have the same secret key before they can communicate securely.
  • Asymmetric: These algorithms use a pair of keys: a public key for encryption and a private key for decryption.

Algorithms are also classified by how they process data:

  • Block Ciphers: These algorithms process data in fixed-size chunks called blocks. The entire block of plaintext is encrypted at once to produce a block of ciphertext.
  • Stream Ciphers: These algorithms encrypt data one bit or one byte at a time, creating a continuous stream of ciphertext.

Symmetric encryption is widely used for protecting stored data (data at rest) and for securing large volumes of data in transit. The most common and secure symmetric algorithm in use today is the Advanced Encryption Standard (AES). AES is a block cipher that encrypts data in 128-bit blocks. It can be used with different key lengths, typically 128, 192, or 256 bits. A longer key provides a larger keyspace and thus stronger security, but it also requires more computational power and time to perform the encryption and decryption.

Symmetric encryption can be performed using various tools. On a command-line interface (CLI), a tool like OpenSSL can be used to encrypt and decrypt files. For example, to encrypt a file named eport.txt using AES with a 128-bit key derived from a password, one might use a command like: openssl enc -aes-128-cbc -e -in report.txt -out report.enc

To decrypt it, the corresponding command would be: openssl enc -aes-128-cbc -d -in report.enc -out report.txt

Specialized software with graphical user interfaces is also available, providing a user-friendly way to encrypt files on a local device.