Encryption is an essential step in cybersecurity that protects confidential information by turning it into scrambled gibberish. This ensures attackers can't understand it, and only trusted individuals can make it understandable again.
Encryption comes in different types, with different security and access properties. There are two main types:
- Symmetric, which uses a single key for encryption and decryption.
- Asymmetric, which relies on pairs of connected keys called a public key and private key. This means a different key is used for the encryption and decryption processes.
Asymmetric or public-key cryptography is an increasingly popular method used in modern technology. Here, we'll explain how public and private key pairs work, and why they've become such a widely used form of encryption.
What are encryption keys?
First, let's establish what a "key" is. In cryptography, it's a tool that can turn readable data into something indecipherable. It's not, as it may sound, a plot device in Indiana Jones. Instead, an encryption key (or cryptographic key) is usually a string of numbers and letters. It's processed through an encryption algorithm to convert unencrypted data (plaintext) into seemingly random jargon (aka ciphertext).
Do you ever chat with your friends on a secure messaging app? Maybe you've seen a lock icon in your browser or address bar while shopping online? Do you use 1Password? Then you've used encryption keys before. Apps will usually generate and call upon these keys automatically, so you never have to remember or type them in.
Private keys vs. public keys
You can think of public and private keys like interlocking puzzle pieces: they're mathematically linked to one another and designed to go together.
As the name implies, the public key can be shared publicly, usually in a repository or directory. On the other hand, a private key should always be kept secret and safe. It's used to decrypt data that's been encrypted with your public key. Unlike a traditional password, it's never known or stored by the person you're talking to, or the app or service you're trying to access.
An example of how it works
Public-key cryptography is used in a number of places, like HTTPS websites and cryptocurrency transactions. To understand how this protocol works in practice, let's look at end-to-end encrypted messaging as an example.
Person A and Person B sign up for the latest secure messenger app. When they create their accounts, each person receives a public and private key pair. The public key is stored on the messenger's server, while the private key is stored on the account holder's devices.
Person A writes a message, encrypts it with Person B's public key (available on the server), and then sends it.
The message passes through intermediaries (the messenger's servers, Wi-Fi access points, ISPs, and more), but only Person B can decrypt it with their matching private key.
How encryption is used in passwordless
For the traditional sign-in process, we usually submit a username and password to sign in to online accounts. The website then checks that these details match the hashed information stored on its server.
Emerging passwordless solutions, like passkeys, use asymmetric encryption. When you create an account on a supported device or website, a public key is stored on the app or website's server, and a corresponding private key is stored on your device.
When you return to sign in, the app or website issues a "challenge" encrypted with your public key. Your device uses the matching private key to create a digital signature and sends the signed challenge back to the provider, which authorizes you after it successfully decrypts the signature with your public key. Only then are you authenticated and signed in.
This approach has several advantages. First, you don't have to share your private key to sign in. Second, you don't have to remember or type in your private key, as your device or preferred authenticator does it for you! Passwordless technology will likely grow more prevalent in the coming years, in part due to these safer encryption methods at the heart of it.
1Password and public key encryption
1Password is designed from the ground up with maximum security in mind. All the data you save in 1Password is protected by a private key that uses 256-bit AES encryption.
To decrypt your data, you need three things:
- Your encrypted data
- Your account password
- Your Secret Key
A major reason we're "secure by design" is that your account password and Secret Key are never stored on our servers. This means we couldn't read your stored items if we tried. And if an attacker somehow stole your encrypted data from our servers, they wouldn't have the means to decrypt it.
If you want to learn more about our security model, read the 1Password Security Design white paper. If you're curious about any more specific details, or want to ask a question related to our security or privacy practices, you can also head over to 1Password Support.