Encryption Support
4/8/2010
Encrypting data allows it to be stored on non-secure media or transmitted on a non-secure network without compromising the data. The encryption function of CryptoAPI encrypts data by using an encryption key. To decrypt the data, the corresponding decryption key must be used.
The following list shows the two methods of encrypting data with the encryption function:
- Symmetric encryption, in which the same key is used for both encryption and decryption of data.
- Public-key encryption, in which two separate keys are used.
Symmetric Encryption
Using the same key makes this encryption method very fast; however, to maintain tight security, the keys must be changed frequently.
CryptoAPI supports block cipher or stream-based symmetric encryption. The following table shows the algorithms that it supports.
Supported stream-based encryption algorithms | Supported cipher encryption algorithms |
---|---|
RC2, RC4 | DES, 3DES |
Symmetric encryption requires exchanging a shared secret. When the two parties are not in physical proximity to each other, this exchange can be accomplished through Diffie-Hellman key exchange or through public-key encryption.
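The Diffie-Hellman exchange mentioned above, as an added example that is not part of the original page and does not call CryptoAPI: each party sends only a public value, checks the value it receives, and derives the same symmetric key locally. The group (the 2048-bit MODP prime of RFC 3526, generator 2), the SHA-256 key derivation, the 16-byte key length and the function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumed group for this example: 2048-bit MODP prime from RFC 3526 (group 14).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def generate_keypair():
    """Return (private, public); only the public value is ever sent."""
    private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P-2
    return private, pow(G, private, P)


def derive_key(private, peer_public, length=16):
    """Validate the peer's value, then hash the shared secret into a key."""
    # Reject 0, 1, P-1 and out-of-range values: they force a predictable
    # shared secret regardless of our private key.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid Diffie-Hellman public value")
    shared = pow(peer_public, private, P)
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:length]


def demo():
    a_priv, a_pub = generate_keypair()          # party A
    b_priv, b_pub = generate_keypair()          # party B
    # Only a_pub and b_pub cross the non-secure network.
    return derive_key(a_priv, b_pub), derive_key(b_priv, a_pub)


if __name__ == "__main__":
    key_a, key_b = demo()
    print("keys match:", key_a == key_b, key_a.hex())
```

The exchange by itself does not authenticate either party, so the public values must be tied to an identity, for example with a digital signature.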
Public-Key Encryption
With public-key encryption, two separate keys are used. A public key is used for encrypting data and the corresponding private key is used for decrypting data.
Because the algorithms for this encryption method are very slow, public-key encryption is usually used in combination with symmetric encryption to encrypt other keys or to digitally sign files.