What is Encryption?
Encryption is a technology that transforms data into a format that third parties cannot read. Only those with the correct key can restore (decrypt) the original data.
Why is it needed: To address risks of data falling into third-party hands through communication eavesdropping, unauthorized database access, or device loss.
Types of Encryption
| Type | Symmetric Encryption | Asymmetric Encryption | Hash Functions |
|---|---|---|---|
| Keys | Same key for encrypt/decrypt | Different keys for encrypt/decrypt | One-way (no decryption) |
| Usage | Data encryption | Key exchange, signatures | Verification only |
Symmetric Encryption
Uses the same key for both encryption and decryption.
```mermaid
flowchart LR
    P1["Plaintext"] -->|"Shared Key"| E["Encrypt"]
    E --> C["Ciphertext"]
    C -->|"Shared Key (same)"| D["Decrypt"]
    D --> P2["Plaintext"]
```
Common Algorithms
| Algorithm | Key Length | Characteristics |
|---|---|---|
| AES | 128/192/256-bit | Current standard, fast |
| ChaCha20 | 256-bit | Mobile-friendly, fast |
| 3DES | 168-bit | Legacy, not recommended |
Implementation Example
```javascript
const crypto = require('crypto');

// Encryption (key must be exactly 32 bytes for AES-256; generate it with crypto.randomBytes(32))
function encrypt(text, key) {
  const iv = crypto.randomBytes(16); // fresh random IV for every message; never reuse one with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  let encrypted = cipher.update(text, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  const authTag = cipher.getAuthTag(); // GCM authentication tag: lets the receiver detect tampering
  return {
    iv: iv.toString('hex'),
    encrypted,
    authTag: authTag.toString('hex')
  };
}

// Decryption
function decrypt(encryptedData, key) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm',
    key,
    Buffer.from(encryptedData.iv, 'hex')
  );
  decipher.setAuthTag(Buffer.from(encryptedData.authTag, 'hex')); // final() throws if the tag does not match
  let decrypted = decipher.update(encryptedData.encrypted, 'hex', 'utf8');
  decrypted += decipher.final('utf8');
  return decrypted;
}
```
Advantages and Disadvantages
| Advantages | Disadvantages |
|---|---|
| Fast | Key distribution is challenging |
| Suitable for large data encryption | Requires separate key for each communication partner |
Public Key Encryption (Asymmetric)
Uses different keys (public key and private key) for encryption and decryption.
```mermaid
flowchart LR
    subgraph Receiver["Receiver"]
        Priv["Private Key<br/>(held only by receiver)"]
        Pub["Public Key<br/>(publicly available)"]
    end
    subgraph Sender["Sender"]
        P1["Plaintext"]
    end
    Pub -->|"Get public key"| P1
    P1 -->|"Encrypt with public key"| C["Ciphertext"]
    C -->|"Decrypt with private key"| P2["Plaintext"]
    Priv --> P2
```
Common Algorithms
| Algorithm | Use Case | Characteristics |
|---|---|---|
| RSA | Encryption, Signatures | Widely used |
| ECDSA | Signatures | High security with shorter keys |
| Ed25519 | Signatures | Fast, modern |
| X25519 | Key exchange | Elliptic curve Diffie-Hellman |
Digital Signatures
Sign with private key, verify with public key.
```mermaid
flowchart LR
    subgraph Sender["Sender (signing)"]
        D["Data"]
    end
    subgraph Receiver["Receiver (verifying)"]
        R["Authentic/Forged"]
    end
    D -->|"Sign with private key"| S["Signature"]
    S -->|"Verify with public key"| R
```
Advantages and Disadvantages
| Advantages | Disadvantages |
|---|---|
| Secure key distribution | Slower than symmetric encryption |
| Can be used for authentication and signatures | Not suitable for large data |
Hybrid Encryption
In practice, both methods are combined.
| Step | Actor | Action |
|---|---|---|
| 1 | Sender | Generate random symmetric key |
| 2 | Sender | Encrypt data with symmetric key (fast) |
| 3 | Sender | Encrypt symmetric key with receiver’s public key |
| 4 | Sender | Send encrypted data + encrypted symmetric key |
| 5 | Receiver | Decrypt symmetric key with private key |
| 6 | Receiver | Decrypt data with symmetric key |
Hash Functions
Generate a fixed-length hash value from arbitrary-length data. The original data cannot be recovered.
| Input | SHA-256 Output |
|---|---|
| "Hello" | 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969 |
| "Hello!" | 334d016f755cd6dc58c53a86e183882f8ec14f52fb05345887c8a5edd42c87b7 |
A single character change produces a completely different hash.
Common Algorithms
| Algorithm | Output Length | Use Case |
|---|---|---|
| SHA-256 | 256-bit | General hashing |
| SHA-3 | Variable | Next-generation standard |
| bcrypt | Variable | Password hashing |
| Argon2 | Variable | Password hashing (recommended) |
Password Hashing
```javascript
const bcrypt = require('bcrypt');

// Hash password (bcrypt generates a random salt and embeds it in the output; cost 12 = 2^12 rounds)
async function hashPassword(password) {
  const saltRounds = 12;
  return await bcrypt.hash(password, saltRounds);
}

// Verify password (re-hashes with the salt stored in `hash` and compares in constant time)
async function verifyPassword(password, hash) {
  return await bcrypt.compare(password, hash);
}

// Usage example (top-level await is not available in a CommonJS module, so wrap it in an async function)
(async () => {
  const hash = await hashPassword('mypassword123');
  // → "$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8..."
  const isValid = await verifyPassword('mypassword123', hash);
  // → true
})();
```
Always hash passwords before storing: Storing in plaintext is absolutely not acceptable. Use salted hash functions (bcrypt, Argon2).
Selection by Use Case
| Use Case | Recommended Method |
|---|---|
| Communication encryption (HTTPS) | TLS (hybrid encryption) |
| File encryption | AES-256-GCM |
| Password storage | Argon2, bcrypt |
| Data tampering detection | HMAC-SHA256 |
| Digital signatures | Ed25519, ECDSA |
| API key generation | CSPRNG + Base64 |
Summary
Encryption is a foundational technology for data security. Symmetric encryption is fast and suitable for encrypting large amounts of data, while public key encryption is suitable for key distribution and authentication. In practice, hybrid encryption combining both is used. Always use salted hash functions for password storage.