Encryption on the Web: Explained

Encryption is fundamental part of using the Internet securely, but it is mostly invisible to the user. This video explains the basic idea of encryption and specifically the two types of keys that are used online: symmetric and public. It teaches:

•    Why encryption matters on the Web
•    An example of encryption used in history
•    The basics of private key encryption
•    The basics of public key encryption
•    How public key encryption works when using a bank website

These days we use the Web to communicate more than ever – and much of what we say is sensitive. From private email messages to bank transactions – we need ways to use the web with confidence. Encryption, which makes online communication unreadable, is what helps give us this confidence.

Encryption is an old idea. For millennia soldiers have needed a way to send messages that couldn’t be read by the enemy. Instead of writing a message using normal words, they substituted letters in a systematic and secret way.

This is called a key. This key for example, is “three letters” which means moving the alphabet over by three letters. And by knowing the secret key, the message could be decoded.

This basic idea is what keeps our communications secure on the Web today. Instead of using the alphabet, this encryption involves computers and serious math, so the code is nearly impossible to break.

On the Web today, most encryption in managed through two different types of keys. They are Symmetric and Public Key Encryption. A popular analogy goes like this…

Alice and Bob need to send private messages to one another using the postal service. They decide to use a box with a padlock and two identical keys, one for each person.

With the keys in place, they can send the box back and forth and open it with the keys. This is called symmetric encryption.

On the Internet this means that the exact same digital key must be used to encrypt and decrypt the message. And that’s a problem. If a key is lost or stolen, the whole system is compromised. And when more people need more identical keys, the risk goes up.

A more sophisticated way to share keys, especially on the Web, is to use Public Keys. In this example, Bob sends Alice an open padlock (or public key), and keeps his private key.
She then uses it to lock (or encrypt) her box before sending it back. This way, when it arrives, Bob can open it without having to share his private key with anyone.

On the Internet, this means that a bank website can automatically provide a public key to your web browser.

With the key in place, banking information sent from your browser can be encrypted so the only thing that will unlock it is the bank’s private key.

Once it’s unlocked, and everything checks out, you can do business securely with the bank website.

It is this system, behind the scenes, that gives us confidence that information we share on the Web can be kept private and secure.