Encryption is the process of scrambling data so that only someone with the right key can unscramble and read it. That's the whole concept. Everything else — the algorithms, the key lengths, the certificate authorities — is implementation detail.
The idea is ancient. Julius Caesar used a simple cipher that shifted letters by a fixed number of positions. Write A as D, B as E, and so on. The recipient knew the shift value — the key — and could reverse the process. An interceptor who didn't know the shift had to try 25 possible values, which was a manageable brute-force attack even in antiquity.
Modern encryption is Caesar's cipher made so mathematically complex that brute force is effectively impossible. The principles are similar. The mathematics is categorically different.
Symmetric Encryption: One Key for Both Sides
The simplest form of modern encryption uses a single key for both encrypting and decrypting data. You scramble a message with the key, send the scrambled version, and the recipient uses the same key to unscramble it. This is called symmetric encryption.
The obvious problem is getting the key to the recipient safely. If you send it over an unencrypted channel, anyone intercepting it can read your messages. If you need to meet in person to exchange keys, the system doesn't scale. Symmetric encryption is fast and efficient but has a fundamental key distribution problem.
Asymmetric Encryption: The Lock-and-Key Trick
Asymmetric encryption — also called public-key cryptography — solves the key distribution problem with a clever mathematical trick. Each party generates two mathematically linked keys: a public key they share openly with anyone, and a private key they never share with anyone.
Here's how it works: if you want to send someone an encrypted message, you use their public key to encrypt it. The mathematics is designed so that only their private key can decrypt it. You never need to exchange secrets. The public key can be posted on a website for anyone to see.
This system powers nearly everything on the modern internet. When your browser establishes an HTTPS connection, it uses asymmetric encryption to securely exchange the symmetric key it will use for the actual data transfer. Asymmetric encryption is computationally expensive, so it handles the key exchange. Symmetric encryption handles the bulk data.
Hashing: A Related but Different Concept
Hashing is often confused with encryption but serves a different purpose. A hash function takes input of any length and produces a fixed-length output. It's a one-way operation — you cannot reverse a hash to get the original input.
Hashes are used to verify integrity rather than to protect confidentiality. Websites store hashed versions of your password rather than the password itself. When you log in, they hash what you typed and compare it to the stored hash. If someone steals the database, they get hashes, not passwords — and recovering passwords from hashes requires brute force or precomputed tables.
End-to-End Encryption
End-to-end encryption means the data is encrypted on your device and decrypted only on the recipient's device. The service provider in the middle — the messaging app, the email provider — handles encrypted data they cannot read. Signal, WhatsApp, and iMessage all use end-to-end encryption for messages.
The practical significance is that even if the service provider's servers are compromised, or the provider is served with a legal demand, they cannot hand over readable message content. They only have ciphertext.
Why It's Not Magic
Encryption protects data in transit and at rest. It does not protect against attacks that occur before encryption or after decryption. If malware on your device is capturing keystrokes before they're encrypted, encryption doesn't help. If an attacker compromises the server at the other end, they get the decrypted data. Encryption is a powerful tool with well-defined limits.