Chapter 3: Introduction to Technological Aspects of Privacy

Encryption: Symmetric, Asymmetric, Certificates and PKI

Encryption shields data by converting plaintext to ciphertext using a key. Symmetric key cryptography uses one shared key (fast but sharing is hard); asymmetric cryptography uses public/private key pairs that scale and enable digital certificates via a certificate authority (CA) and public key infrastructure (PKI).

Encryption converts plaintext to ciphertext and is reversed with a key. Shielding can be encryption in transit (against 'man in the middle' attacks), at rest (a stolen encrypted hard drive stays secure - and under most data breach laws encryption at rest creates an exception from the duty to report a breach), or in use.

Symmetric vs asymmetric cryptography
Approach	Keys	Trade-off
Symmetric key cryptography	One shared key to encrypt and decrypt	Fast and short, but Alice must securely share the key with Bob
Asymmetric cryptography	Public + private key pair per user	Scalable - encrypt with the recipient's public key; basis for digital certificates

Certificates, CAs and PKI

A certificate authority (CA) validates identity and issues a digitally signed certificate linking a person to a public key. Public key infrastructure (PKI) is the broader system of policies, standards, people, and systems supporting key distribution and identity validation.

Key terms - quick answers

What is “Encryption”?

A reversible process that converts plaintext into scrambled ciphertext; decryption reverses it using a key.

What is “Plaintext”?

The original, readable data before encryption.

What is “Ciphertext”?

Scrambled, unreadable data produced by encrypting plaintext.

What is “Key”?

A string of characters applied by a cryptographic algorithm; the longer and more complex, the stronger the security.

← Deidentification Standards: HIPAA Methods and FTC Guidance Hashing, Salt and Digital Signatures →