Encryption — Core Concepts

What Encryption Actually Does

Encryption transforms plaintext (readable data) into ciphertext (scrambled data) using a mathematical algorithm and a key — a string of bits that controls how the scrambling works.

The same plaintext encrypted with different keys produces completely different ciphertext. Without the correct key, decrypting the data is computationally infeasible — not impossible in theory, but it would take longer than the age of the universe to brute-force.

Two Flavors: Symmetric vs Asymmetric

Symmetric Encryption

One key does both jobs — encrypt and decrypt. Both parties must share the same secret key beforehand.

Example: AES (Advanced Encryption Standard). Your iPhone uses AES-256 to encrypt everything on its storage. The key is derived from your passcode.

Strength: Fast. Can encrypt gigabytes per second on modern hardware.
Weakness: Key distribution problem — how do you securely share the key with someone you’ve never met?

Asymmetric Encryption

Two mathematically linked keys: a public key (share it with everyone) and a private key (it never leaves your machine).

Anything encrypted with your public key can only be decrypted by your private key. It’s one-way by design.

Example: RSA, ECC (Elliptic Curve Cryptography). Used for SSH logins, code signing, and HTTPS handshakes.

Strength: Solves the key distribution problem — publish your public key, anyone can encrypt a message only you can read.
Weakness: Slow. 100-1,000x slower than symmetric encryption.

How HTTPS Combines Both

Your browser uses asymmetric encryption just long enough to negotiate a shared symmetric key, then switches to symmetric for the actual data transfer.

  1. Browser connects to bank.com
  2. Server sends its public key (wrapped in a certificate)
  3. Browser verifies the certificate was signed by a trusted authority (like DigiCert or Let’s Encrypt)
  4. Browser encrypts a random session key using the server’s public key
  5. Server decrypts it with its private key — now both sides have the same session key
  6. All further communication uses fast AES encryption with that session key

This is TLS (Transport Layer Security), and it is what the 🔒 padlock actually means.
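As an added example that is not part of the original article, here are steps 4 to 6 of that flow in Go, using the standard library's RSA-OAEP and AES-256-GCM: the random session key travels wrapped under the recipient's public key, the bulk data travels under the session key, and only the holder of the private key can open either. The names Envelope, Seal, Open and NewRecipientKey are this example's own, and the keypair is constructed on the spot for the demo.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct {
	WrappedKey []byte   // 32-byte random AES key, encrypted with the recipient's RSA public key (OAEP)
	Nonce      [12]byte // AES-GCM nonce; must never repeat under the same key
	Ciphertext []byte   // AES-256-GCM output with its authentication tag appended
}

func must[T any](v T, err error) T { // aborts on failures that make encryption impossible
	if err != nil {
		panic(err)
	}
	return v
}
// NewRecipientKey makes a constructed demo keypair; real services load theirs from secure storage.
func NewRecipientKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// Seal is the HTTPS-style hybrid: slow RSA wraps only a fresh session key; fast AES-GCM encrypts the data.
func Seal(pub *rsa.PublicKey, plaintext []byte) *Envelope {
	key, nonce := make([]byte, 32), [12]byte{}
	must(rand.Read(key))
	must(rand.Read(nonce[:]))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce[:], plaintext, nil)}
}

func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil { // wrong private key, or a tampered WrappedKey: OAEP padding check fails
		return nil, fmt.Errorf("unwrapping session key: %w", err)
	}
	block, err := aes.NewCipher(key) // anyone holding the public key can wrap a bad-length key; reject it
	if err != nil {
		return nil, err
	}
	return must(cipher.NewGCM(block)).Open(nil, env.Nonce[:], env.Ciphertext, nil) // GCM tag check rejects tampering
}

func main() {
	priv := NewRecipientKey()
	fmt.Printf("%s\n", must(Open(priv, Seal(&priv.PublicKey, []byte("constructed sample message")))))
}
```

Modern TLS 1.3 negotiates the session key with ephemeral Diffie-Hellman rather than RSA wrapping, but the division of labour is the same: the asymmetric step exists only to agree on a symmetric key.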

Common Misconception

“Encryption means nobody can read my data.”

Encryption protects data in transit and at rest — but only if the keys stay secret. If a service has your encryption key (like most cloud storage providers do), they can read your data. If malware steals your key while it’s loaded in memory, game over.

End-to-end encryption (used by Signal, WhatsApp) is different: the service provider never has your key. Only you and the recipient do. Even if Signal’s servers are compromised, the messages are unreadable.

Key Concepts Summary

Concept       What it means
Plaintext     The original, readable data
Ciphertext    The scrambled, encrypted output
Key           The secret that controls encryption/decryption
Symmetric     One shared key — fast, but key-sharing is hard
Asymmetric    Public/private key pair — solves key distribution
TLS/HTTPS     Uses both: asymmetric to exchange a symmetric key
End-to-end    Provider never holds the key — only sender and receiver

One Thing to Remember

The security of encryption isn’t about the algorithm being secret — modern algorithms like AES are fully public. The secret is the key. Lose the key, lose the data. That’s why “forgot my password” can sometimes mean “your files are gone forever.”
