NetAction's Guide to Using Encryption Software

What is encryption, and how does it work?

Fundamentals

Encryption is a software tool that uses scrambling to make data unreadable to anyone other than the intended recipient. It is useful to ensure the privacy of data that you store on your computer, or that you want to email to someone else.

Encryption software programs use algorithms, or complex mathematical processes, to scramble and unscramble (or "encrypt" and "decrypt") the data. Algorithms work through the creation of keys, which are specific strings of data used for encryption. These keys consist of long strings of bits, or binary numbers. The more bits in the key, the greater the number of possible combinations of binary numbers, making the code more difficult to break. You may have heard of "56-bit" or "128-bit" keys, for example. With more bits, the 128-bit key is more difficult to break than the 56-bit key.

If you're curious, you can see what an algorithm looks like: IDEA is one of the algorithms used in Pretty Good Privacy (PGP). An encryption algorithm scrambles data by combining the bits in the key with the data bits; in decryption, the algorithm unscrambles data by separating the data bits from the key bits. In symmetric key encryption, the same key is used to scramble and unscramble data. In asymmetric key encryption, two different keys are required: one to scramble and one to unscramble. With either method, a recipient cannot access the original data without the correct key.

Here is an example of data that has been encrypted:

(((((0400ACHCLBGHEPIOFJJHPLJOFIJAPHOAIDBJEGBMIOHONGALJ
NFMMFINKPNFBIKJKLBLCPEHLPBDLDJEMFHOMPHLCMDLNGILOECLFFI
CNHOEAODJMBLKCDCBAEALAJLCEBBBFIGIOOHGBOPHBJDEPGDLOOBOJ
PBBCIHAIJOHLMHJIMJCGILHMCAKKGNNPMAJKHGBGCNDLFDGMBKGGNJ
ODPDAEKKIPLALIKKPHDFIPOBBEDFMKKBLNMEEPNMMMOIDIPDBMGOEE
CDNMNKOIAIAHICOACNAGBDDPKPNKAOJPFGPIFCGFDLLOCMEGIMNOHD
GMAAEOJEKJIDNIGBHBHNBKENNOGILFAMMOIJDBDAHHNIKCBCFEIPNJ
NMIGGCIMKDGACMGHFGKLMFDNAKOELAOHDJCGGDEDAGDAJNHHAOBJME
KJKGMFGIKPCOJIFFDEHFONKAPHP)))))

You can decrypt this data with ShyFile, a web-based encryption program. Go to http://www.shyfile.net/d.htm, paste the encrypted message into the appropriate box, and use this key to decode the message: netaction.org-encryptionfornonprofits

Software

Encryption software is available for many purposes. You may already be familiar with one form of encryption software: many e-commerce and donation Web sites use Secure Socket Layers (SSL). Whenever you visit any Web page with an address starting with "https" instead of "http," SSL will automatically encrypt anything you type into that page, such as passwords or credit card information, before sending it over the Web.

Our guide focuses on encryption software for email and files, which is considerably more complicated than SSL encryption. Encrypted files can be attached to an email message, uploaded to a Web server via File Transfer Protocol (FTP), or put on a floppy disk and passed by hand. Email messages themselves can also be encrypted. It is not necessary, however, for an email message to be encrypted in order to send it with an encrypted attachment. For example, an encrypted document can be attached to an unencrypted email message that says, "See the attached confidential document." Encryption software specifically intended for use with email is generally easier to use than software intended to encrypt files, because email encryption software integrates seamlessly into the email program. Some email encryption software, for example, adds buttons to your mail program's menu.

Different software programs have different strengths and vulnerabilities, and employ different ways of distributing the keys that scramble and unscramble data. Some software programs require the recipient of an encrypted document or email message to use the same software the sender used. Others simply require the recipient to possess the same key or password that the sender used.

Next: Do I need encryption? | Back to Guide