Data Encryption Basics
Encryption is the process of converting readable data (Plaintext) into an unreadable format (Ciphertext) using an algorithm and a key. This prevents unauthorized access (eavesdropping) during transmission over insecure networks like the Internet.
Plaintext
"Hello"
Ciphertext
"Xy@9!q"
Key Size & Security
The security of encryption heavily relies on the size of the key (measured in bits, e.g., 128-bit, 256-bit). A larger key size means there are exponentially more possible combinations. This makes it much harder for attackers to guess the key using brute-force attacks (trying every possible combination).
Decryption
Decryption is the reverse process. It turns the unreadable Ciphertext back into the original Plaintext. To decrypt successfully, the receiver MUST have the correct corresponding key. Without the key, the ciphertext remains useless garbage data.
Thinking Point: The Key Sharing Problem
Now we know we need a key to lock and unlock data. But if you and your friend are in different countries, how do you safely send them the key without a hacker stealing it on the internet? Let's see how different encryption types solve this...
Symmetric vs Asymmetric Encryption
Understanding the two main types of encryption algorithms and how they handle keys.
Symmetric Cryptography
Because there is only ONE key. Both the sender and receiver must keep this single key an absolute secret. If anyone else finds it, the system is broken.
Analogy: Like a physical house key. You use the exact same key to lock the door when you leave, and unlock it when you return.
Uses the SAME key for both encryption and decryption.
Very fast processing speed. Highly suitable for encrypting large amounts of data (e.g., hard drives, large files).
Key Distribution Problem: How do you safely share the secret key with the receiver over the internet without a hacker intercepting it?
Asymmetric Cryptography
Because it introduced a revolutionary idea: a key that you can safely make public to the whole world, paired with a private key you keep secret.
Analogy: Like an open padlock. You can give open padlocks (Public Key) to anyone. They can snap it shut on a box to secure it. But ONLY YOU have the actual key (Private Key) to open it later.
Uses a mathematically linked PAIR of keys.
- Data encrypted with the Public Key can ONLY be decrypted by the matching Private Key. (For Confidentiality)
- Data encrypted with the Private Key can be decrypted by the matching Public Key. (For Digital Signatures / Authentication)
Solves the key distribution problem. You can freely share your Public Key with anyone without compromising security.
Much slower and requires more processing power than symmetric encryption. Not ideal for large files.
Thinking Point: The Identity Problem
Asymmetric encryption is great! We can just share our Public Keys. But wait... what if a hacker creates a fake Public Key and claims to be the bank? How do we prove a Public Key actually belongs to the real person or company? We need a trusted system...
Public Key Infrastructure (PKI)
What is PKI?
PKI is a comprehensive framework (policies, software, hardware) that manages digital keys and certificates. Its main purpose is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email.
Certification Authority (CA)
A CA is a trusted third-party organization responsible for issuing, revoking, and managing Digital Certificates. Think of them as the "Passport Office" of the internet.
Hong Kong Context:
In Hong Kong, the Hongkong Post is a recognized public CA under the Electronic Transactions Ordinance. It issues e-Certs to citizens and businesses to support secure online transactions.
Digital Certificates
A Digital Certificate is an electronic document used to prove the ownership of a public key. Think of it as a digital ID card (like an HKID) for the internet.
What does it contain?
- Owner's Identity (Name, Email, Organization)
- Owner's Public Key
- Expiry Date
- Issuer (The CA's name)
- Digital Signature of the CA (To prove the certificate is genuine and not tampered with)
Major Functions of PKI / Digital Certificates:
- Authentication: Verify the identity of the sender or a website (e.g., ensuring you are really on the HSBC website).
- Support Data Encryption: Provide the verified Public Key of the receiver so you can encrypt data sent to them.
- Non-repudiation: Through digital signatures, ensure the sender cannot deny having sent the message.
- Data Integrity: Ensure data has not been altered during transmission (via hash functions used in signatures).
Thinking Point: Putting it all together
We now have all the puzzle pieces: Keys, Encryption, Signatures, and Certificates. But how do they actually work together when you send an email or a file? Let's run a visual simulation to see the exact steps!
Interactive Simulation: Secure Messaging
Alice wants to send a confidential contract to Bob, and Bob needs to be sure it really came from Alice. Let's see how PKI achieves this.
Alice (Sender)
Bob (Receiver)
Thinking Point: Exam Readiness
You've mastered the concepts and seen them in action! Now, how does the HKDSE exam actually test this knowledge? Let's look at the 'Golden Rules' to secure your marks and try some real questions.
DSE Exam Mastery & Real Questions
The Golden Rule of PKI Questions
In the DSE exam, when asked how a file is encrypted or signed, you MUST clearly specify WHOSE key and WHICH key is used. Vague answers like "use public key" or "use a key" will score 0 marks.
Cheat Sheet: Sender A sends to Receiver B
| Security Goal | Action | Key Used (Crucial!) |
|---|---|---|
| Confidentiality (Only B can read) |
A Encrypts | Receiver B's Public Key |
| B Decrypts | Receiver B's Private Key | |
| Authentication / Non-repudiation (Prove A sent it) |
A Signs (Digital Signature) | Sender A's Private Key |
| B Verifies Signature | Sender A's Public Key |
Concept Check MCQ
Q: To ensure ONLY Mary can read a confidential document sent by Peter, which key should Peter use to encrypt it?
Real DSE Multiple Choice Question
Which of the following are the major functions of PKI?
- To ensure the integrity of data transmitted over the Internet.
- To support a longer password.
- To support data encryption.