Okay so you have some data that you need to store.

You need to be able to get the data back at a later time.

Of course while it's stored it should be unreadable to anyone that doesn't have

the keys to the data.

This is where encryption comes into play.

Encryption is a very broad area of cryptography.

But we're going to define it as means of turning readable data into unreadable data

and back again.

Encryption, unlike hashing, is a two-way street.

Let me define a couple of terms real quick.

First is plaintext, this is the, well, plain text or

data that you want to encrypt.

This is your secret, if you will.

Second is ciphertext.

Ciphertext is text or data that is meaningless by itself.

Ciphertext is the encrypted version of your plain text.

Encryption is the process of turning plain text into ciphertext.

Decryption is reversing the process and turning ciphertext back into plain text.

Like we talked about before encryption and

cryptography is a pretty old area of study.

People have been writing secret messages for the vast majority of recorded history.

For now let's focus on common reasons for encryption and general methods for

doing so.

Like most secret messages like history,

encryption is most commonly used in communication.

When you connect your website, use an SSL certificate, your communication to that

website and it's to you about encrypted and the secret.

When you send a message to your friend in an app like WhatsApp or

Signal that message is also encrypted.

Communication between two parties is probably the most common use of encryption

on today's internet.

Wait, what's the harm on not using a secure HTTP connection?

When you request the URL maybe it includes some query string parameters or

has your password in the HTTP header as form data.

All of that is visible to anyone that's tapped in the connection between you and

the server.

If you're using HTTPS though,

that SSL certificate encrypts all of that data so no one can inspect it.

We'll cover SSL, in more detail, in a future course.

But, for now, check the teacher's notes for more info if you're interested.

You might also wanna encrypt data that you're storing for legal purposes.

For example, project Callisto is a college campus focus tool for

reporting sexual assault.

Callisto encrypts all reports before storing them securely so

that only the reporter can access them.

You may want to do the same with any sensitive information provided to you, or

your users, or internally.

There're two main styles of encryption that you'll likely to encounter.

Symmetric and Asymmetric encryption.

In symmetric encryption, the plain text is encoded and decoded using the same key.

Which means, everyone in the circles has to have the key.

If the key is ever compromised, all of the encrypted data can be unencrypted and

stolen or abused.

With asymmetric encryption, everyone has two keys one private and one public.

To send me an encrypted message, you encrypt it using my public key and

I would decrypt it with my private one.

Symmetric encryption seems to be declining in popularity lately.

But encryption methods such as AES, blowfish and idea all use it.

That isn't to say that asymmetric, or

public key encryption is impervious to attack of course.

But attacks on it are often more difficult than is economically viable.

Common public key encryption usages nowadays are things like the off

the record messaging feature that's built into mini chat programs.

Technologies like SSL and SSH are actually a combination of public and private keys.

Whatever encryption you decide to use,

it's often a good idea to keep keys fresh and stored in a safe place.

We'll talk more about encryption later but now is a good time to start thinking about

place that you might need to securely encrypt data.