
Encryption software

From Wikipedia, the free encyclopedia


Encryption software is software that uses cryptography to prevent unauthorized access to
digital information.[1][2] Cryptography is used to protect digital information on computers as well
as the digital information that is sent to other computers over the Internet.[3]


Classification
There are many software products which provide encryption. Software encryption uses
a cipher to obscure the content into ciphertext. One way to classify this type of software is by
the type of cipher used. Ciphers can be divided into two categories: public key ciphers (also
known as asymmetric ciphers), and symmetric key ciphers. Encryption software can be based
on either public key or symmetric key encryption.
Another way to classify software encryption is to categorize its purpose. Using this approach,
software encryption may be classified into software which encrypts "data in transit" and
software which encrypts "data at rest". Data in transit generally uses public key ciphers, and
data at rest generally uses symmetric key ciphers.
Symmetric key ciphers can be further divided into stream ciphers and block ciphers. Stream
ciphers typically encrypt plaintext a bit or byte at a time, and are most commonly used to
encrypt real-time communications, such as audio and video information. The key is used to
establish the initial state of a keystream generator, and the output of that generator is used to
encrypt the plaintext. Block cipher algorithms split the plaintext into fixed-size blocks and
encrypt one block at a time. For example, AES processes 16-byte blocks, while its predecessor
DES encrypted blocks of eight bytes.
There is also a well-known case where PKI is used for data in transit of data at rest.
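
The stream versus block distinction described above, as an added Go example (not part of the original article). It assumes AES in CTR mode as the keystream generator and CBC with PKCS#7 padding as the block mode; the function names and the all-zero keys and IVs are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// BlockEncrypt pads msg (PKCS#7) to whole blocks, then encrypts block by
// block in CBC mode. Works for any block cipher: AES (16) or DES (8).
func BlockEncrypt(b cipher.Block, iv, msg []byte) []byte {
	pad := b.BlockSize() - len(msg)%b.BlockSize()
	buf := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(buf, buf)
	return buf
}

// StreamEncrypt XORs each byte with the next keystream byte as it arrives,
// the way a real-time source would feed it. AES-CTR is the keystream generator.
func StreamEncrypt(b cipher.Block, iv, msg []byte) []byte {
	ks, out := cipher.NewCTR(b, iv), make([]byte, len(msg))
	for i := range msg {
		ks.XORKeyStream(out[i:i+1], msg[i:i+1])
	}
	return out
}

// Sizes returns ciphertext lengths for AES-CBC, DES-CBC and AES-CTR, using
// constructed all-zero demo keys and IVs (never reuse these in practice).
func Sizes(msg []byte) (aesLen, desLen, streamLen int) {
	zero := make([]byte, 16)
	a, _ := aes.NewCipher(zero)
	d, _ := des.NewCipher(zero[:8])
	return len(BlockEncrypt(a, zero, msg)), len(BlockEncrypt(d, zero[:8], msg)),
		len(StreamEncrypt(a, zero, msg))
}

func main() {
	fmt.Println(Sizes([]byte("21-byte audio frame..")))
}
```

The block modes round the 21-byte input up to the next multiple of 16 or 8 bytes, while the stream output is exactly as long as the input.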

Data in transit
Data in transit is data that is being sent over a computer network. When the data is between
two endpoints, any confidential information may be vulnerable. The payload (confidential
information) can be encrypted to secure its confidentiality, as well as its integrity and validity.[4]
Often, the data in transit is between two entities that do not know each other, such as in the
case of visiting a website. To establish a relationship and securely share an encryption
key to secure the information that will be exchanged, a set of roles, policies, and procedures
has been developed; it is known as the public key infrastructure, or PKI. Once
PKI has established a secure connection, a symmetric key can be shared between endpoints.
A symmetric key is preferred over the private and public keys as a symmetric cipher is much
more efficient (uses fewer CPU cycles) than an asymmetric cipher.[5][6]
Below are some examples of software that provide this type of encryption.

• IP Security (IPsec)
• Secure copy (SCP)
• Secure Email
• Secure Shell (SSH)
• SSH File Transfer Protocol (SFTP)
• Web Communication - HTTPS

Data at rest
Data at rest refers to data that has been saved to persistent storage. Data at rest is generally
encrypted by a symmetric key.
Encryption may be applied at different layers in the storage stack. For example, encryption can
be configured at the disk layer, on a subset of a disk called a partition, on a volume, which is a
combination of disks or partitions, at the layer of a file system, or within user space applications
such as databases or other applications that run on the host operating system.
With full disk encryption, the entire disk is encrypted (except for the bits necessary to boot or
access the disk when not using an unencrypted boot/preboot partition).[7] As disks can be
partitioned into multiple partitions, partition encryption can be used to encrypt individual disk
partitions.[8] Volumes, created by combining two or more partitions, can be encrypted
using volume encryption.[9] File systems, also composed of one or more partitions, can be
encrypted using filesystem-level encryption. Directories are referred to as encrypted when the
files within the directory are encrypted.[10][11] File encryption encrypts a single file. Database
encryption acts on the data to be stored, accepting unencrypted information and writing that
information to persistent storage only after it has encrypted the data. Device-level encryption, a
somewhat vague term that includes encryption-capable tape drives, can be used to offload the
encryption tasks from the CPU.

Transit of data at rest
When there is a need to securely transmit data at rest, without the ability to create a secure
connection, user space tools have been developed that support this need. These tools rely
upon the receiver publishing their public key, and the sender being able to obtain that public
key. The sender is then able to create a symmetric key to encrypt the information, and then
use the receiver's public key to securely protect the transmission of the information and the
symmetric key. This allows secure transmission of information from one party to another.
Below are some examples of software that provide this type of encryption.

• GNU Privacy Guard (GnuPG or GPG)
• Pretty Good Privacy (PGP)

See also
• Cryptography portal
• Cryptographic Protocol
• Public Key (Asymmetric) Algorithms
• Symmetric Algorithms
• Transport Layer Security
• Comparison of disk encryption software

References
1. Thakur, Dinesh. "Cryptography - What is Cryptography?".
2. "What is encryption? - Definition from WhatIs.com". SearchSecurity. Retrieved 25 April 2017.
3. "Why We Encrypt - Schneier on Security".
4. "Guide to Cryptography - OWASP".
5. Villanueva, John Carl. "Symmetric vs Asymmetric Encryption".
6. "Symmetric vs. Asymmetric Encryption - CipherCloud". 4 October 2013.
7. "How Whole Disk Encrypytion Works" (PDF).
8. "How to encrypt a single partition in Linux - TechRepublic".
9. "Volume Encryption". https://www.jetico.com/web_help/bcve3_enterprise/html/01_introduction/02_what_is_ve.htm
10. "How IT Works: Encrypting File System".
11. "PDS Software Solutions LLC".

External links
• Encryption software at Curlie
