S
Home Cryptography ยท Updated 2026-07-08

Encryption

Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and a key. Only parties with the correct decryption key can reverse the process. Encryption is the foundational control for data confidentiality across all security domains.


Symmetric Encryption

Uses the same key for both encryption and decryption. Fast and efficient for large volumes of data.

Algorithm Key Size Mode Notes
AES 256-bit GCM Gold standard โ€” authenticated encryption
AES 256-bit CBC + HMAC-SHA256 Acceptable where GCM is unavailable
ChaCha20-Poly1305 256-bit โ€” Preferred on mobile / low-power devices

Avoid: DES, 3DES, RC4, Blowfish, AES-ECB.

Why not ECB mode? ECB encrypts identical plaintext blocks to identical ciphertext blocks, leaking structural patterns. Always use an authenticated mode (GCM, CCM) or CBC with a separate MAC.

Key Distribution Problem

Symmetric encryption requires both parties to share the key securely before communication begins. This is typically solved by using asymmetric encryption to exchange the symmetric key (hybrid encryption).


Asymmetric Encryption

Uses a mathematically linked key pair: a public key (freely distributed) for encryption or signature verification, and a private key (kept secret) for decryption or signing.

Algorithm Key Size Use Case
RSA-OAEP 3072-bit+ Key encapsulation, legacy TLS
ECDSA / EdDSA P-256 / Ed25519 Digital signatures
ECDH / X25519 โ€” Key agreement (TLS, Signal Protocol)

Avoid: RSA-2048 for new systems (NIST recommends 3072+ post-2030), plain RSA (no padding), DSA.


Hybrid Encryption

In practice, all modern protocols combine both approaches:

  1. Sender generates a random symmetric session key.
  2. Session key is encrypted with the recipient's public key (asymmetric).
  3. Data is encrypted with the session key (symmetric โ€” fast for bulk data).
  4. Recipient decrypts the session key with their private key, then decrypts the data.

Examples: TLS 1.3, PGP, Signal Protocol, SSH.


Encryption in Transit

Protects data moving between systems โ€” networks, APIs, microservices, browsers.

Protocol Selection

Protocol Status Notes
TLS 1.3 Required Current standard; use exclusively for new systems
TLS 1.2 Acceptable Disable weak cipher suites; enable PFS
TLS 1.1 Deprecated Disable immediately
TLS 1.0 Deprecated Disable immediately
SSL 3.0 / 2.0 Prohibited POODLE, DROWN โ€” critical vulnerabilities

Cipher Suite Guidance (TLS 1.2)

Prefer cipher suites that provide Perfect Forward Secrecy (PFS):

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

Disable: RC4, export ciphers, NULL ciphers, 3DES, anonymous DH.

Best Practices

  • Enforce HSTS (HTTP Strict Transport Security) with max-age โ‰ฅ 1 year and includeSubDomains
  • Submit to the HSTS preload list for public-facing services
  • Implement certificate pinning for high-value mobile applications
  • Use OCSP stapling to validate certificate revocation at scale
  • Automate certificate renewal (Let's Encrypt / ACME protocol)
  • Monitor TLS configuration regularly using tools like testssl.sh

Encryption at Rest

Protects data stored on disk, databases, backups, and removable media.

Layers of Protection

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  Application-level encryption       โ”‚  โ† Highest protection; survives DB breach
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  Database TDE (Transparent Data     โ”‚  โ† Protects files on disk
โ”‚  Encryption)                        โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  File-system / volume encryption    โ”‚  โ† Protects against physical theft
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  Full-disk encryption (FDE)         โ”‚  โ† Baseline; protects powered-off devices
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Apply defense-in-depth. FDE is the minimum for all workstations and servers. Sensitive fields (PII, secrets, payment data) should also have application-level encryption.

Key Technologies

Layer Technology
Full-disk (Windows) BitLocker (AES-256 + TPM 2.0)
Full-disk (Linux) LUKS2 with AES-256-XTS
Full-disk (macOS) FileVault 2
Database (SQL Server) Transparent Data Encryption (TDE)
Database (PostgreSQL) pgcrypto extension or column-level
Cloud storage AWS S3 SSE-KMS, Azure Storage Service Encryption
Secrets HashiCorp Vault, AWS Secrets Manager, Azure Key Vault

Key Management

Strong encryption is only as secure as its key management. A poorly managed key negates any algorithmic strength.

Key Hierarchy

Hardware Security Module (HSM) or Cloud KMS
  โ””โ”€โ”€ Key Encryption Key (KEK) โ€” long-lived, rarely accessed
        โ””โ”€โ”€ Data Encryption Key (DEK) โ€” rotated regularly
              โ””โ”€โ”€ Encrypted data

Best Practices

  • Never hard-code keys in source code, configuration files, or container images
  • Store all cryptographic keys in a dedicated key management system (KMS) or HSM
  • Enforce separation of duties: key custodians must not also access the protected data
  • Log every key access, generation, and revocation event
  • Define and test emergency key rotation procedures for suspected compromise
  • Establish key expiry โ€” data encryption keys should expire after a defined period

Rotation Schedule

Key Type Rotation Frequency
Data encryption keys (DEKs) Annually or on suspected compromise
Key encryption keys (KEKs) Every 2โ€“3 years or on personnel change
TLS certificates At expiry (automate; never manual)
API keys / secrets Every 90 days or on personnel change
SSH host keys On infrastructure rebuild

Common Pitfalls

Mistake Risk Correct Approach
AES in ECB mode Pattern leakage; deterministic Use AES-GCM or CBC+HMAC
Nonce/IV reuse Catastrophic for GCM; breaks security Generate random IVs; never reuse
Rolling your own crypto Subtle, catastrophic flaws Use vetted libraries (OpenSSL, libsodium)
Keys stored with encrypted data Defeats the purpose Physically and logically separate
MD5 or SHA-1 for integrity Collision attacks Use SHA-256 or SHA-3
Hardcoded secrets in repos Credential exposure via git history Use secrets managers; scan repos with tools

Approved Cryptographic Libraries

Language Library
Python cryptography (pyca/cryptography)
Java / Kotlin Bouncy Castle, JCA/JCE
.NET / C# System.Security.Cryptography
Go crypto/aes, golang.org/x/crypto/chacha20poly1305
Node.js Built-in node:crypto, libsodium-wrappers
Rust ring, RustCrypto crates
C / C++ libsodium, OpenSSL 3.x

Rule: Never implement cryptographic primitives yourself. Use a well-audited, widely deployed library.


Regulatory Reference

Regulation / Standard Encryption Requirements
PCI DSS 4.0 AES-256 for cardholder data; TLS 1.2+ for transmission
HIPAA Encryption "addressable" but effectively required
GDPR Article 32 Encryption as an appropriate technical measure
FIPS 140-2 / 140-3 Government systems must use validated cryptographic modules
NIST SP 800-57 Comprehensive key management recommendations
ISO 27001 A.10 Cryptographic controls policy required
The Security Architecture Site โ€” for internal reference use. Back to contents