Cryptographic methods form the foundation of all e-commerce transactions. For the purposes of e-commerce, applied cryptography is the study of the process of creating cipher text (encrypted text) from plain text (human readable text). The types of encryption relevant to e-commerce are listed in the table below.
| Encryption type|| Description|| Common algorithms and uses|
|Symmetric key||Uses a single key to encrypt and decrypt data.||DES, Triple DES, RC2; used for encrypting large amounts of data.|
|Asymmetric key||Uses a mathematically related public/private key pair; also known as public key encryption.||RSA enables secure key exchange. Diffie/Hellman explains the concept of key exchange.|
|One way||A one way encryption algorithm produces ciphertext that cannot be taken BACK to the original plaintext.||Used for signing data and transactions.|
|Hash function||A smaller numerical representation of the plaintext.||A hash of a message is encrypted using one way encryption to become the signature for that message.|
|Applied encryption||Uses a combination of symmetric, asymmetric, and one-way encryption for enhanced security.||Email, credit card encoding, S/MIME and SSL protocols, SETs, payment gateways.|Symmetric encryption
is necessary because it encrypts data quickly and it is relatively secure. However, it is very difficult to distribute the symmetric keys securely in an e-commerce setting. Because the same key both encrypts and decrypts the data, you must keep the key secret. Yet, how do you get this key to its destination once you have encrypted the message?
handles this process, because it is able to use a key pair, where one key is made freely available and the other remains completely private.
For example, an email program uses symmetric encryption to encrypt the actual data. It uses asymmetric encryption to encrypt symmetric keys. It then uses one-way encryption
to sign the data to ensure that the information has not been tampered with.
This is all encrypted to the receiver's public key, then sent across the network wire. When the receiver gets the message, the receiver uses the private key (the second half of the key pair) to decrypt the asymmetric encryption
. The receiving computer decrypts the text with the symmetric key, then calculates the hash value. If the hash value is correct, the message has not been tampered with, and the email browser that supports these protocols allows the message to be read.
The Slide Show below describes how this process works.