Message Security Mechanisms

Encryption is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge, which is contained in a key. Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.

Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different.

Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication.

The "crypt" in encryption and decryption is cryptography. Cryptography provides mechanisms for authentication, which include encryption and decryption, as well as digital signatures and digital timestamps. A digital signature binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel.

Authentication is any process through which one proves and verifies certain information. Sometimes one may want to verify the origin of a document, the identity of the sender, the time and date a document was sent and/or signed, the identity of a computer or user, and so on. A digital signature is a cryptographic means through which many of these may be verified. The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer's private key), but there are other methods.
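The hash-then-sign construction described above, as an added example that is not part of the original text or of the RSA Laboratories FAQ: textbook RSA over a SHA-256 digest, showing that a signature verifies only for the exact document and the matching key. The names make_key, digest, sign and verify, the two demo keys and the sample documents are assumptions made for illustration; the keys are built from small, well-known primes and no padding scheme is applied, which real signature schemes require.

```python
import hashlib

def make_key(p, q, e=65537):
    """Build an RSA key pair from two primes (constructed demo values)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # private exponent: e*d = 1 mod phi
    return {"n": n, "e": e}, {"n": n, "d": d}   # (public key, private key)

def digest(document: bytes, n: int) -> int:
    """Hash the document and map the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private) -> int:
    """Private signing function: apply the private exponent to the digest."""
    return pow(digest(document, private["n"]), private["d"], private["n"])

def verify(document: bytes, signature: int, public) -> bool:
    """Anyone holding the public key recovers the digest and compares it."""
    return pow(signature, public["e"], public["n"]) == digest(document, public["n"])

# Constructed demo keys from known Mersenne primes; far too small for real use.
ALICE_PUB, ALICE_PRIV = make_key(2**127 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**107 - 1, 2**61 - 1)

DOC = b"Pay Bob 100 units on 2001-01-01"         # constructed sample document
TAMPERED = b"Pay Bob 900 units on 2001-01-01"    # one character changed

def demo():
    sig = sign(DOC, ALICE_PRIV)
    return {
        "genuine": verify(DOC, sig, ALICE_PUB),            # document + key match
        "tampered": verify(TAMPERED, sig, ALICE_PUB),      # document changed
        "wrong_key": verify(DOC, sig, MALLORY_PUB),        # checked against another key
        "forged": verify(DOC, sign(DOC, MALLORY_PRIV), ALICE_PUB),  # signed by another key
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s} verifies: {ok}")
```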

For more information on cryptography, please read this document: RSA Laboratories' Frequently Asked Questions About Today's Cryptography, Version 4.1, available at http://www.rsasecurity.com/rsalabs/node.asp?id=2152. (Some of the text in this section was excerpted, by permission, from this document.)