Lesson 7 | E-commerce and encryption

Objective | Define encryption methods and types.

Cryptographic methods form the foundation of all e-commerce transactions. For the purposes of e-commerce, applied *cryptography* is the study of the process of creating ciphertext (encrypted text) from plaintext (human-readable text). The types of encryption relevant to e-commerce are listed in the table below.

| Encryption type | Description | Common algorithms and uses |
|---|---|---|
| Symmetric key | Uses a single key to both encrypt and decrypt data. | DES, Triple DES, RC2; used for encrypting large amounts of data. |
| Asymmetric key | Uses a mathematically related public/private key pair; also known as public key encryption. | RSA enables secure key exchange. Diffie-Hellman explains the concept of key exchange. |
| One way | A one-way algorithm produces output that cannot be reversed to recover the original plaintext. | Used for signing data and transactions. |
| Hash function | A short numerical digest of the plaintext. | The hash (digest) of a message is encrypted with the sender's private key to become the signature for that message. |
| Applied encryption | Uses a combination of symmetric, asymmetric, and one-way encryption for enhanced security. | Email, credit card encoding, S/MIME and SSL protocols, SET (Secure Electronic Transaction), payment gateways. |

For example, an email program uses symmetric encryption to encrypt the actual data. It uses asymmetric encryption to encrypt symmetric keys. It then uses

The slide show below describes how this process works.

- To understand how public-key cryptosystems work, consider two users, Alice and Bob. Each user has a public/private key pair.
- When Alice wants to send a signed, encrypted message to Bob, she indicates that she wants the message signed and encrypted, and sends the message.
- Alice's email program selects a random symmetric key to encrypt the message and creates a message digest of the message.
- The program encrypts the digest with Alice's private key to create a signature. The random symmetric key is encrypted with Bob's public key.
- The entire package, containing the encrypted symmetric key, the encrypted message digest (the signature), and the encrypted message, is sent to Bob.
- Bob's email program uses his private key to decrypt the encrypted random key, which is then used to decrypt the message.
- To ensure the message was from Alice, the program decrypts the message digest using Alice's public key. If Alice's public key decrypts the message digest, then Bob knows that only Alice could have encrypted it.
- Bob's program cannot reverse the message digest because of its one-way nature. Instead, it checks that the message was not tampered with by calculating a message digest from the decrypted message and matching it against the message digest sent by Alice.
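As an added example (not code from the original lesson), the following Go program carries the Alice-and-Bob exchange from the slide show above through in code, using the same division of labour as the table: symmetric encryption for the message body, asymmetric encryption for the symmetric key, and a one-way hash signed with the sender's private key as the signature. It substitutes current standard-library algorithms (AES-256-GCM, RSA-OAEP, RSA-PSS, SHA-256) for the DES/RC2-era ciphers the table names; the names `Package`, `SealAndSign`, `OpenAndVerify` and the sample order text are this example's own assumptions, not anything from the lesson.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is the bundle Alice's mail program sends to Bob (constructed for this example).
type Package struct {
	EncryptedKey []byte // random symmetric key, encrypted to Bob's public key (RSA-OAEP)
	Nonce        []byte // AES-GCM nonce; sent in the clear, must be unique per key
	Ciphertext   []byte // the message, encrypted under the random symmetric key (AES-GCM)
	Signature    []byte // SHA-256 digest of the message, signed with Alice's private key (RSA-PSS)
}

// SealAndSign is Alice's side: symmetric-encrypt the message, sign its digest
// with her private key, and encrypt the symmetric key to Bob's public key.
func SealAndSign(message []byte, alicePriv *rsa.PrivateKey, bobPub *rsa.PublicKey) (*Package, error) {
	key := make([]byte, 32) // fresh random AES-256 key, used for this message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, message, nil)

	// One-way step: hash the message, then sign the digest with Alice's private key.
	digest := sha256.Sum256(message)
	sig, err := rsa.SignPSS(rand.Reader, alicePriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}

	// Asymmetric step: only Bob's private key can recover the symmetric key.
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Package{EncryptedKey: encKey, Nonce: nonce, Ciphertext: ciphertext, Signature: sig}, nil
}

// OpenAndVerify is Bob's side: recover the symmetric key with his private key,
// decrypt the message, recompute its digest and check it against Alice's signature.
func OpenAndVerify(pkg *Package, bobPriv *rsa.PrivateKey, alicePub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, pkg.EncryptedKey, nil)
	if err != nil {
		return nil, errors.New("cannot recover symmetric key: not encrypted to this recipient")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	message, err := gcm.Open(nil, pkg.Nonce, pkg.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext was modified in transit")
	}
	// Bob cannot invert the digest; he recomputes it and verifies the signature instead.
	digest := sha256.Sum256(message)
	if err := rsa.VerifyPSS(alicePub, crypto.SHA256, digest[:], pkg.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify under Alice's public key")
	}
	return message, nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("Order #1234: ship 2 units to the billing address") // constructed sample message

	pkg, err := SealAndSign(msg, alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := OpenAndVerify(pkg, bob, &alice.PublicKey)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, msg))

	// A single flipped ciphertext byte is detected before the signature is even checked.
	pkg.Ciphertext[0] ^= 0x01
	_, err = OpenAndVerify(pkg, bob, &alice.PublicKey)
	fmt.Println("tampered message rejected:", err != nil)
}
```

Two points the code makes that the slides only imply: the signature is computed over the plaintext digest and travels in the clear, so anyone can verify it but only Alice could have produced it; and because the body is protected by an authenticated cipher, tampering is caught at decryption, before the digest comparison that the last slide describes.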

[1]*Symmetric encryption:* Encryption that uses the same key to encrypt and decrypt information.

[2]*Asymmetric encryption:* Encryption that creates a public key and a private key. The private key remains secret, on your computer. You can freely disseminate the public key.