Introduction to common encryption systems

The encryption system has three basic deployment directions: storage, transmission, and authentication. Because the Internet is not a trusted transmission channel, there may be various threats, such as listening, interception, and malicious modification. Therefore, the transmission direction is the biggest direction for enterprises to require encryption systems. As enterprises pay more and more attention to local data security, the storage, especially the storage encryption market for mobile devices, is becoming increasingly popular.
Storage

The main function of the encryption system is to ensure that sensitive data is not accessed by unauthorized users and to ensure data integrity through the Hash algorithm. The common encryption algorithms are 3DES, Blowfish, and AES, the RSA symmetric encryption algorithm is often used when the data volume is relatively small. The common algorithm used for verification is MD5. Currently, common products on the market include software-based encryption for specific targets (files, folders, databases, etc.) and full-disk encryption, such as commercial PGP, open-source TrueCrypt, and GPG, and encryption storage devices integrated with encryption chips, such as Seagate and other manufacturers' products.

Transmission

The main function of the encryption system is to ensure that the data transmitted by users is not threatened by attackers during transmission through untrusted transmission channels, and to ensure the integrity and authenticity of the transmitted data. Application encryption systems in this area are more complex than those used in storage, and key distribution needs to be considered, therefore, a common form of transmission encryption system is to use symmetric encryption and asymmetric encryption algorithms to encrypt and distribute symmetric encryption keys first, use symmetric encryption to ensure data processing and transmission speed. In addition, the encryption system for transmission is divided into connection encryption and end-to-end encryption based on the encrypted network layer. Connection Encryption encrypts all data connected to specific data, generally, in communication with higher security levels, end-to-end encryption only encrypts data, including route information and other network data, it is more suitable for low security levels such as the Internet. Encryption systems used in transmission include various encryption tunnels implemented by software, such as SSH, IPsec, VPN, and application-level end-to-end encryption such as PGP, HTTPS, SMIME, and PEM, in terms of hardware, there are various firewalls with VPN functions and network cards with encryption functions.

Certification

The main function of the encryption system is to confirm the identity of the Information sender, verify the integrity of the received information, and provide non-repudiation. The implementation of these functions relies on the combination of asymmetric encryption and Hash algorithms. The signature of the private key of the other party is compared with the public key to confirm the identity of the Information sender, and the information is verified using the Hash algorithm. Currently, encryption systems for authentication are mainly implemented by software, such as various PKI, PGP, and GPG, A small number of encryption systems also use smart cards and flash drives that write private keys or security certificates to increase the security of the encryption system.