Encryption: What Is It and How Does It Work?

Millions of people from all over the world have access to the internet. Even so, we’re able to share messages, pay our bills, and exchange files online without all and sundry being able to read this sensitive information. This means that large parts of the internet aren’t available to everyone. These parts have been hidden away by encryption.

In our VPN reviews and news section we often talk about encryption and the importance of keeping your online data safe. But what is encryption exactly? What happens when you encrypt a file? What does WhatsApp mean when it tells you it uses ‘end-to-end encryption’ at the start of every conversation? And how does encryption in VPNs work? These questions – and more – will be answered in this article.

What Is Encryption?

Encryption is a way to encode data. It ensures your information won’t be visible or readable to anyone but the people in possession of the right ‘key’. Encryption happens through algorithms, which allow data to be decoded and read later. This process of decoding is called decryption. In this article, we’ll specifically be talking about online encryption. In such a case, data is encrypted and transferred online, to later be decrypted at its destination.

Even so, encryption also exists beyond the online world. Think of secret, coded messages in which each symbol represents a specific letter. An A would in truth represent a D, for example, a B an E, a C an F, and so on. If you’re aware of the algorithm behind the code, namely that each letter represents a letter three places further on in the alphabet, you’ll be able to read the actual message. The nonsensical message “EBIIL” suddenly becomes “HELLO”. Even Julius Caesar used this kind of encryption back in his day, which is why we call this method the Caesar cipher.
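The Caesar cipher described above, written out as a small Python example added here (it is not code from the original article). It follows the article’s convention exactly: each ciphertext letter stands for the plaintext letter three places further on, so encrypting moves every letter three places back (D becomes A, and “HELLO” becomes “EBIIL”). The last function lists every possible decryption, which is the concrete reason a cipher this simple offers no protection: with only 25 usable keys, anyone can try them all.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26 letters A..Z


def _shift_letter(ch, offset):
    """Shift one letter by `offset` positions, wrapping around at the end of
    the alphabet. Punctuation, digits and spaces are passed through unchanged."""
    if ch.isupper() and ch in ALPHABET:
        return ALPHABET[(ALPHABET.index(ch) + offset) % 26]
    if ch.islower() and ch.upper() in ALPHABET:
        return ALPHABET[(ALPHABET.index(ch.upper()) + offset) % 26].lower()
    return ch


def caesar_encrypt(plaintext, shift=3):
    """Article convention: a ciphertext letter represents the plaintext letter
    `shift` places further on, so encryption moves each letter `shift` places back."""
    return "".join(_shift_letter(c, -shift) for c in plaintext)


def caesar_decrypt(ciphertext, shift=3):
    """Undo the encryption by moving each letter `shift` places forward."""
    return "".join(_shift_letter(c, shift) for c in ciphertext)


def all_candidate_plaintexts(ciphertext):
    """Return every decryption for shifts 1..25. The key space is so small that
    a reader who does not know the key can simply inspect all of them."""
    return {shift: caesar_decrypt(ciphertext, shift) for shift in range(1, 26)}


if __name__ == "__main__":
    secret = caesar_encrypt("HELLO")          # -> "EBIIL", as in the article
    print(secret, caesar_decrypt(secret))     # EBIIL HELLO
    for shift, guess in all_candidate_plaintexts(secret).items():
        print(shift, guess)                   # shift 3 reads HELLO
```

Note that the “key” here is just the number 3; the point the article makes about the key and algorithm having to be well chosen is visible in the last loop, where every key is tried in a fraction of a second.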

Encryption ensures your data can’t be read by people who shouldn’t have access to it. Moreover, it makes sure your data is sent to the correct recipient, while that recipient can rest assured it was really sent by you. In other words, encryption provides integrity: no one can access or change the encrypted documents, files and payments while they’re on their way from the sender to the recipient. That is, unless the key to the encryption has been compromised.

Among others, encryption is used by online platforms, webshops, messaging apps, banking environments and healthcare institutions that handle online files. Because they all use encryption, your personal data, forms and Amazon purchases remain private. Moreover, it allows large organizations to function without getting themselves into legal trouble. After all, if your healthcare provider were to leak your medical information because they haven’t encrypted their data, they’d be in serious trouble.

How Does Encryption Work?

Encryption is possible due to the existence of digital keys. You could picture encrypted data as a bunch of important papers in a locked safe: you can only access the papers if you have a key that fits the lock of the safe. If the safe falls into the hands of someone without a key, it won’t be of any use to that person: the papers remain inaccessible and the information unreadable.

Encrypting files online often involves exchanging data with others in a secure environment. To continue our metaphor: the safe travels from sender to receiver. With the correct keys, the sender can lock the safe (i.e. encrypt the data) and the receiver is able to open the safe (decrypt the data). As you may have guessed, it’s very important that the key and the algorithm behind it are well chosen. If the algorithm is too simple, other parties, such as cybercriminals, could crack it and decipher the data regardless.

Generally, a distinction is made between two different methods of encryption. These are symmetric and asymmetric encryption.

Symmetric Encryption

With symmetric encryption, the same key is used to encrypt and decrypt information. This means that the key must be in the sender’s as well as in the receiver’s possession. The big advantage of symmetric cryptography is that it’s very fast. It manages to work quickly because it uses the same kind of encryption on both ends of the data traffic tunnel.

Symmetric encryption explained

Unfortunately, symmetric encryption also comes with a major drawback: if the recipient doesn’t own the key yet, it has to be sent to them, just like the encrypted information. This allows others to intercept this key and read the secret information regardless. Hackers and internet criminals could easily take advantage of this.

Symmetric encryption is especially useful for small, closed networks. It works well when you want to exchange data in a safe yet fast way. In addition, using symmetric encryption in a closed network isn’t too dangerous, because only a limited group of people has access to the network in the first place. Your data traffic is therefore automatically safe from outside attackers.

Asymmetric Encryption

Asymmetric encryption works with two different keys: a private and a public one. The public key is used to perform the encryption. Everyone has access to this key, so everyone can encrypt data this way. However, if you want to open the data, you need a private key, which is linked to the public key, but isn’t the same as that public key. Not everyone has access to this key, meaning your data will be protected from unwanted eyes. This process is also known as public key encryption.

Asymmetric encryption

Generally, asymmetric encryption is considered a more secure option than symmetric encryption. The chance of a leak is smaller, because the private key never has to be sent to anyone, although the encryption itself makes the process slightly slower. After all, two different keys are used instead of one, which takes time.
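To make the public/private key relationship concrete, here is a textbook RSA example added to this article (not the article’s own code, and not how a real library implements RSA: the primes are tiny and there is no padding, so it is for illustration only). It shows the three facts from the section above and from the RSA entry further down: the two keys are linked because both come from the same pair of primes, anyone holding the public key can encrypt, and only the private key decrypts. The final function shows why the private key stays secret in practice: recovering it requires factoring n, which is trivial for a toy n like 3233 and infeasible for the 2048-bit moduli used on the real internet.

```python
from math import gcd


def generate_textbook_rsa_keys(p, q, e=65537):
    """Derive an RSA key pair from two primes p and q (toy-sized here).
    Public key = (e, n), private key = (d, n); both share the modulus n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt_int(message, public_key):
    """Anyone with the public key can do this step."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message, e, n)


def rsa_decrypt_int(ciphertext, private_key):
    """Only the holder of d can reverse the encryption."""
    d, n = private_key
    return pow(ciphertext, d, n)


def recover_private_key_by_factoring(public_key):
    """Trial-division factoring of n. Works instantly for the toy modulus below
    and is hopeless for real key sizes, which is what makes RSA usable at all."""
    e, n = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return pow(e, -1, (p - 1) * (q - 1)), n
    raise ValueError("modulus is prime or factoring failed")


if __name__ == "__main__":
    public, private = generate_textbook_rsa_keys(61, 53)   # n = 3233, toy size
    c = rsa_encrypt_int(65, public)                        # sender uses the public key
    print(c, rsa_decrypt_int(c, private))                  # 2790 65
    print(recover_private_key_by_factoring(public) == private)  # True for a toy n
```

Real systems do not encrypt whole files with RSA; as the article notes, asymmetric encryption is slow, so in practice it is used to deliver a symmetric key, and the symmetric cipher (AES, for example) does the bulk work.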

Hashing and Encryption: What’s the Difference?

If you’ve heard of encryption, you may have come across the word “hashing” as well. Hashing and encryption aren’t the same thing, but both have to do with encoding data. The difference between them is the possibility of decryption. With encryption, the intention is that the data will be decrypted at a later stage. This isn’t the case with hashing: it merely transforms data, without enabling decryption. To word it differently, hashing is a one-way street while encryption allows two-way traffic. This makes hashing very resistant to hacking, but also more limited in its capabilities.

A common example of hashing can be found when looking at password authentication. If you type in a password to enter an account, for example your email account, that password does not have to be decrypted later. In fact, it would be very dangerous if it was: others could simply read it and use it against you. Instead, the password is “hashed” with a specific hashing code. The algorithm used is the same every time and unique to your account. Therefore, the system only has to compare the “original” hashing code with the hashing code produced from your newly entered password. If the two match, the system knows you’ve entered the correct password and will forward you to your inbox. If not, you won’t be able to enter the account.
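The password check described above, as a Python example added here (it is not the article’s code and does not describe any particular email provider). It uses PBKDF2 from the standard library, a hash function built to be slow on purpose, and a random per-account salt, which is what makes the stored value unique to each account even when two people choose the same password. The iteration count is a constructed value that a real deployment would tune to its hardware. Verification never “decrypts” anything: the newly typed password is hashed the same way and the two results are compared.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # constructed work factor; tune to your hardware
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated at account creation;
    at login the stored salt is supplied so the same digest is reproduced."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Re-hash the typed password with the account's salt and compare.
    compare_digest runs in constant time so the comparison itself leaks nothing."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Account creation: only salt + digest are stored, never the password.
    salt, stored = hash_password("correct horse battery staple")
    print(stored.hex())  # one-way: this value cannot be turned back into the password
    # Login attempts:
    print(verify_password("correct horse battery staple", salt, stored))  # True
    print(verify_password("correct horse battery stapl", salt, stored))   # False
```

Because the salt differs per account, a leaked table of digests cannot be matched against a precomputed list of hashes for common passwords; each account would have to be attacked separately, and the slow hash function makes every guess expensive.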

Different Kinds of Encryption

Encryption can work in several ways. We’ve already talked about the difference between symmetric and asymmetric encryption. In addition, there are more specific ways of encryption. This works through protocols and algorithms. A protocol is the broader, more general set of rules that determine the functioning of a network. The algorithm used within that protocol decides how this works exactly and in more detail.

In this section, we’ll focus on the different protocols used in general encryption. These protocols all work slightly differently. Each protocol has its own advantages and disadvantages. We’ve listed some of the most common protocols below.

  • SSL (TLS): SSL is short for Secure Sockets Layer. A new version, TLS, has been developed, but the old name seems to have stuck: we generally still refer to this protocol as SSL. The SSL protocol has been in use since 1995 and provides a secure connection between a website’s visitor and its server. SSL ensures other parties can’t intercept or modify your information and is widely used. Its technology is strong, reliable, and secure.
  • RSA: this protocol is short for Rivest, Shamir, and Adleman, the people who made the technology public in 1977. It was one of the first public cryptosystems to be used and still secures data traffic to this day. RSA is an asymmetric protocol based on prime numbers. In general, this protocol is considered quite slow.
  • PGP: PGP stands for Pretty Good Privacy. This protocol especially does a good job when encrypting digital messages, such as emails. It was first used in 1991 and works with asymmetric encryption. With PGP, you can encrypt messages and provide emails with a digital signature, so the recipient of a message can be sure you’re its legitimate sender. It also encrypts your metadata, so nobody will know you’ve sent out anything at all. This protocol is quite popular and very safe.
  • SHA: SHA (Secure Hash Algorithms) does not refer to one protocol, but to a family of functions created by the NSA, the US security service. The different versions of SHA are SHA-0, SHA-1, SHA-2, and SHA-3. SHA cryptography is a form of hashing rather than encryption: it’s irreversible. It creates unique hashes and was specifically made to secure particularly important and sensitive data.
  • SSH: SSH stands for Secure Shell. This encryption protocol is used to log into all kinds of platforms. It is, in essence, an improved version of earlier, weaker protocols. This protocol is widely used in corporate networks to enable working remotely and sharing files more easily within the network.

Digital Certificates

As a regular internet user, it can be quite hard to check whether the encryption used to send messages, payments and other important information can really be trusted. That’s why digital certificates exist. With a digital certificate, you can be sure that the keys used to send on information, such as an online form you filled out for your health insurance, have been verified.

Do you want to check whether your online environments are secure? There’s an easy way to do this for SSL/TLS. Simply look for the lock in the left corner of your address bar. If this lock is closed (and possibly green), the encryption between your device and the website is activated and legit – at least, most of the time. We’ll talk more about this in a moment. If the lock is open and red, you aren’t using a secure connection. For more specific information on the digital certificate of a specific website, click the lock and check the certificate. If you’d like to know more about this topic, you can find everything you need to know in our article on HTTP and HTTPS connections.

The Danger of False Digital Certificates

Unfortunately, checking a website’s digital certificate is not a definitive solution. There are many certificate authorities (CA) that can’t be trusted. As a result, websites that don’t offer an actual secure connection are also able to receive certificates. Due to this, it might appear as if you’re safe and your data is well-encrypted, because you see a closed lock next to the web address, but the opposite is actually true.

False digital certificates are most commonly given in the SSL/TLS realm. With these certificates, websites promise a secure HTTPS connection, but don’t actually provide it. For example, a phishing website that’s actually in the hands of an internet criminal may have a certificate, making it appear reliable. So how can you know for sure whether a website is trustworthy? There are a number of ways. Always closely inspect the URL, in addition to checking the website’s certificate. If you have to enter your personal data somewhere, be extra careful and don’t share sensitive data if there is anything suspicious about the website. For more information about malicious links and websites, you can have a look at our article “What is phishing?”.

Encryption on WhatsApp and Social Media

You’d probably prefer to keep your messages on WhatsApp private. Nobody should have access to that information except you and the person you’re messaging. To ensure this, WhatsApp has been using end-to-end encryption since 2016. You may recognize the message below from your own WhatsApp conversations:

WhatsApp end-to-end encryption message

In 2014, WhatsApp was taken over by Facebook. Since Facebook isn’t exactly known for their perfect treatment of their users’ privacy, many users were concerned about their private messages on WhatsApp after this acquisition. End-to-end encryption, however, ensures that no one, including Facebook, can view your WhatsApp messages. The same goes for your WhatsApp phone and video calls. This encryption is enabled by default, so you don’t have to adjust any special settings in order to enjoy this protection.

End-to-end encryption isn’t unique to WhatsApp. Other platforms and social media also use it to protect user conversations. Think of Facebook Messenger, Snapchat, Telegram, Signal and Wire. Some popular anonymous email providers such as ProtonMail also use this form of encryption.

How do I check whether my WhatsApp is secure?

WhatsApp gives you the opportunity to check for yourself whether your WhatsApp encryption works properly. Every conversation you have on WhatsApp has its own encryption code. You can find this code by tapping the name of a contact at the top of a conversation, and then going to “Encryption“. Only you and the person you’re talking to will be able to access the code shown. This unique code ensures your messages are only visible to the two of you. You can check whether the encryption works properly by comparing or scanning the codes (tap “scan code” at the bottom). This code changes when you reinstall WhatsApp, change your phone number, or use a new phone.

Encryption with a VPN

A VPN protects your internet connection, so your online data can’t be read by anyone and you’re better protected against online dangers, such as malicious hackers. Moreover, it gives you increased online freedom, because a VPN allows you to get around online blocks.

VPN providers use encryption to make all of this happen. However, in order to be able to provide high-level privacy and anonymity, they need more than just one key to encrypt messages. VPNs safeguard the security and anonymity of their users by carefully shielding all of their data traffic, often using complex encryption algorithms and protocols. Here are examples of such algorithms.

Algorithms used by VPNs

  • Blowfish: symmetric, effective encryption that’s unpatented. Blowfish uses 64-bit encryption, which makes it somewhat vulnerable.
  • 3DES: symmetric encryption algorithm that’s more advanced than the normal DES algorithm. The latter is fairly easy to crack because of its short keys (56 bits). 3DES uses three of those keys in a row to form a more complicated pattern.
  • AES-128: successor of the DES algorithm and works with 128 bits. AES encryption is also known as the Rijndael algorithm. AES is a very safe and reliable algorithm. There are different forms of it, depending on the number of bits.
  • IPSec: stands for Internet Protocol Security and is part of the well-known VPN protocol L2TP/IPSec, in which IPSec takes care of the encryption and authentication of data.
  • MPPE: stands for Microsoft Point-to-Point Encryption. Within VPN connections, this form of encryption tends to be part of the PPTP protocol.
  • Camellia: is part of the TLS (SSL) protocol and is a symmetric encryption algorithm. Camellia’s capabilities and security levels are roughly the same as AES’s, making it a very secure algorithm.
  • AES-256: form of AES encryption that works with 256 bits. This is considered the most secure form of encryption and is the standard for most decent premium VPN services.

VPNs can use several types of protocols to encrypt data. These protocols use different types of encryption and determine how data is sent through your computer and the VPN server. Some examples of these protocols are OpenVPN, WireGuard, L2TP/IPsec, PPTP, IKEv2, and SSTP. If you want to know more, you can read our full article on VPN protocols, where we also explain the advantages and disadvantages of each protocol.

Why Is Encryption Important?

As you can imagine, securing your private data is extremely important. This data could be used against you in countless ways. If a cybercriminal manages to get a hold of your data, that could have all kinds of nasty consequences, such as an empty bank account. That’s why it’s so important to take the right measures to protect your online data.

Partly, this is up to you. However, the websites, apps and platforms you use can also help. By means of encryption, they ensure that your data – along with their own data – remains safe during your communication. Without it, the internet would be a much more dangerous place. That’s why it’s wise to be aware of the usefulness of encryption and how it works. Finally, we would recommend that you use a VPN, which will use advanced encryption to ensure that almost all your data traffic remains safe.

Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of VPNoverview.com. Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.