What Is Encryption?
Encryption transforms readable data (plaintext) into unreadable data (ciphertext) using an algorithm and a key. Only someone with the correct key can decrypt it. Symmetric encryption (AES) uses one key; asymmetric encryption (RSA, Ed25519) uses a public/private key pair.
How Encryption Works
Symmetric (AES-256): same key encrypts and decrypts — fast, used for data at rest and TLS data transfer. Asymmetric (RSA/Ed25519): public key encrypts, private key decrypts — used for key exchange, digital signatures, and SSH. HTTPS uses both: asymmetric to exchange a symmetric key, then symmetric for the session.
Key Concepts
- Symmetric Encryption — One key for both encryption and decryption — AES-256 is the standard
- Asymmetric Encryption — Public key encrypts, private key decrypts — enables secure communication without sharing secrets
- Encryption at Rest — Encrypt stored data — database encryption, disk encryption, file encryption
- End-to-End Encryption — Only sender and receiver can read messages — the service provider cannot access the content
Frequently Asked Questions
Encryption vs hashing?
Encryption is reversible (decrypt with a key). Hashing is one-way (can't reverse a hash). Encrypt data you need to read later. Hash passwords and data you only need to verify.