What is encryption?
Encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a “key”. The result of the process is encrypting information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).
What is a key?
A key is a piece of information (or parameter) that controls the operation of the encryption process. In encryption, a key specifies the particular transformation of plaintext into encrypted text.
Most encryption solutions offer the option to create an ’emergency disk’ that contains this key, which enables professionals to decrypt the data. In turn, this key contains the ‘cypher’, which dictates how the data encryption occurs.
What is a cypher?
A cypher is an algorithm for performing encryption and decryption — a series of steps to follow as a procedure. There are many different ways in which plaintext can be encrypted, but essentially there are two main processes used: symmetric key algorithms and asymmetric key algorithms
Symmetric key algorithms
This uses the same key to encrypt and decrypt the plaintext into cyphertext.
Asymmetric key algorithms
This uses different keys to encrypt and decrypt the plaintext into cyphertext.
Levels of encryption
In addition to different cyphers and key structures, there are also different levels of encryption; depending on the security requirements of the user.
There are two main types of encryption
This type of encryption only encrypts user files or directories and not any system files. In this case, the operating system is unsecure, so data is vulnerable from users without authorization.
This type of encryption encrypts all user files, directories and system files. In this case, the operating system is secure, so data is safe from users without authorization.
Full disk encryption for the boot disk has the issue that you have to decrypt the blocks where the operating system is before you boot the OS (i.e. before you load Windows, for example) meaning that the key has to be available before there is a user interface to ask for a password. This also means that an attacker may be able to use the same mechanism to recover the key, rendering the encryption software useless.
Problems with sector-level encryption
Possible solutions include:
- Using a dongle to store the key, assuming that the user will not allow to steal the dongle with the laptop/desktop
- Using a boot-time driver that can ask for a password from the user
- Using a network interchange to recover the key, for instance as part of a boot environment that does not need to access the hard disk
Is recovery from data encryption possible?
As with any other job, if the drive/tape etc., does not have too much severe damage, then a recovery may be possible. However, if there has been some kind of corruption whereby the data has not been encrypted correctly, then you might have to say good-bye to the data. This is because applying the decryption cypher will not translate the encrypted information correctly.
Remember – encryption brings its own set of risks!
As you can see, encryption is not a simple subject to tackle. There are many different ways data can be encrypted (and decrypted), but the most important thing to remember is that engineers cannot decrypt a drive unless they have the encryption credentials. This is either the username/password for the encryption or the emergency disk.
Furthermore, if the data experiences corruption in the process of encryption, there is no way of recovering this information, as the decryption process will not correctly translate the corrupted data. It is best to first consider carefully whether the data needs to be encrypted and what the level of encryption you require for it is.