Important points to remember about encryption

The following are some of the most important points about encryption, both for passing exams and for general understanding.

  • Encryption is the process of converting plaintext into ciphertext. Decryption is converting the ciphertext back into the original plaintext. If we use a key for encryption, we need to use the same key for decryption.
  • Encryption algorithms are generally published for anyone to see, use and even help improve. The key, however, is kept secret.
  • Based on the usage of keys an encryption scheme can be classified into two types: symmetric encryption and asymmetric encryption.
    • In symmetric encryption, we use the same key for both encryption and decryption. 
    • In asymmetric encryption, we use a combination of two keys: one private key that is private to the user and a public key that is available to everyone. Data encrypted using one key can be decrypted by the other.
  • A symmetric master key is a key that is used to encrypt other keys such as data keys, authentication keys etc.
  • It is good practice to rotate keys. However, rotating keys will require decrypting and encrypting again, which may take a lot of time for big data. Therefore, the data is encrypted with a key and this key is then encrypted by a master key. This is referred to as envelope encryption.
  • Envelope encryption refers to the process of encrypting data with a key, and then encrypting this key using another key. With envelope encryption, we may encrypt keys up to many levels, but ultimately one key will be unencrypted and this key is called the master key.
  • With envelope encryption we can store both our data and keys together. Envelope encryption also allows us to work easily with multiple master keys by enabling us to re-encrypt only the keys and not the complete data.
  • There can be more than one level of encryption with envelope encryption. For example, a data key can be encrypted with another key, which is encrypted by another key and so on. However, there will be a master key in the end that is not encrypted. This key needs to be stored securely and rotated regularly. AWS KMS is the service from Amazon that will help us create and maintain our master keys.
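
The envelope scheme and master-key rotation from the points above, as an added Ruby example that is not part of the original page. It uses AES-256-GCM from Ruby's bundled OpenSSL binding; the function names are hypothetical, and the master keys are constructed random bytes held locally, standing in for keys that a service such as AWS KMS would keep.

```ruby
require "openssl"

# Envelope keeps the encrypted data together with its wrapped (encrypted) data key.
Envelope = Struct.new(:wrapped_key, :ciphertext)

# AES-256-GCM with a fresh random nonce; output is nonce (12) + tag (16) + ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  nonce = cipher.random_iv
  cipher.auth_data = ""
  body = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + body
end

# Raises OpenSSL::Cipher::CipherError if the key is wrong or the input was altered.
def unseal(key, sealed)
  raise ArgumentError, "sealed value too short" if sealed.bytesize <= 28
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = sealed.byteslice(0, 12)
  cipher.auth_tag = sealed.byteslice(12, 16)
  cipher.auth_data = ""
  cipher.update(sealed.byteslice(28..-1)) + cipher.final
end

# Encrypt data under a one-off data key, then wrap that key under the master key.
def envelope_encrypt(master_key, data)
  data_key = OpenSSL::Random.random_bytes(32)
  Envelope.new(seal(master_key, data_key), seal(data_key, data))
end

def envelope_decrypt(master_key, env)
  unseal(unseal(master_key, env.wrapped_key), env.ciphertext)
end

# Rotation re-wraps only the 32-byte data key; the data ciphertext is reused as-is.
def rotate_master_key(old_master, new_master, env)
  data_key = unseal(old_master, env.wrapped_key)
  Envelope.new(seal(new_master, data_key), env.ciphertext)
end

old_master = OpenSSL::Random.random_bytes(32) # constructed stand-ins for master keys
new_master = OpenSSL::Random.random_bytes(32)
env = envelope_encrypt(old_master, "constructed sample record\n" * 1000)
rotated = rotate_master_key(old_master, new_master, env)
puts "re-encrypted #{rotated.wrapped_key.bytesize} bytes, kept #{rotated.ciphertext.bytesize}"
puts "decrypts under new master: #{envelope_decrypt(new_master, rotated).bytesize} bytes"
```

After rotation the old master key no longer opens the envelope, while the bulk ciphertext was never touched.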

About Cloudericks

Team Cloudericks is a community to learn about and master cloud computing. Current learning focus is on AWS cloud.

We believe that knowledge is useless unless you share it; the more you share, the more you learn. Visit Cloudericks.
