In today’s world, most data is available electronically. Some data we don’t even have in physical form anymore – invoices, bills, even money are in the form of “e” entries.
Data is a tasty bite for others, and not only for hackers. Everyone would like to see what the competition is doing: what their orders are and which pages are viewed the most.
That is why it is so important to properly secure our valuable data against unauthorized access and, equally important, to ensure that we have received the message from the right sender.
What is encryption?
Encryption is the encoding of information. The encryption process converts text or an input file into a series of seemingly random characters that cannot simply be read. In addition to knowing the encryption algorithm, we must have the appropriate key (a previously generated string of characters) that allows us to decrypt the encrypted message.
Various types of symmetric or asymmetric keys can be used. The most popular asymmetric keys are RSA keys or those based on elliptic curves (ECC), and among the symmetric keys we will most often find AES256.
Why do we need data encryption?
It would seem that we only need an encrypted connection. However, HTTPS is not enough. Data is encrypted during transmission, and then each process has access to it. Often, an encrypted connection ends up on specially dedicated devices (so-called SSL termination) and is sent unencrypted in the internal network.
With particularly sensitive data – personal or medical data – this is unacceptable. We must ensure that only authorized persons can read sensitive data.
Encryption or signing?
One of the commonly used encryption systems is PGP (Pretty Good Privacy). It gained its popularity in the 90s as the first publicly available data encryption system.
The system was established in 1991 and, interestingly, due to export restrictions, it could not be legally distributed outside the US. The restrictions were circumvented by printing the program code in 14 volumes; a group of over 70 people then scanned the code, which took a total of over 1000 hours but allowed for further development of the algorithm.
Currently, there are several versions of PGP, such as OpenPGP and GPG, that are compatible with each other. The GPG version is used to sign Linux software packages.
PGP encryption is often used by financial institutions, especially banks.
Asymmetric keys consist of two interdependent parts – public and private keys.
We have to exchange public keys. Private keys, as their name implies, must be kept hidden. Our security depends on them – someone who obtained our private key could decrypt and view a message intended only for us, and could also pretend that we sent a message.
Encryption and signing are complex. First of all, remember that we encrypt using the recipient’s public key so that only he can read the message using his private key. When signing, it is the other way around – we sign the message using our private key so that the recipient, using our public key, can say that we sent it.
WSO2 PGP Connector
What if we had a tool that would take care of all the technical details? Maybe it would be enough to provide the keys, call the encryption or decryption function and that’s it? How to encrypt a file using PGP?
We can. To make life easier, we created the WSO2 PGP connector.
The connector does not require any initial configuration. If we want to encrypt the message, we execute the encryption operation and provide the recipient’s public key. We can additionally provide our private key if we want to sign the message.
The other way is similar. To decrypt the incoming message, we trigger the decryption operation and provide our private key.
Nothing else is needed. Thanks to this, we can secure the sensitive data we send, ensuring that it will not fall into the wrong hands.
I need to exchange encrypted data, but what are these keys about? What should I do? How to start?
Do not worry! We have several years of experience in building and implementing integration. Let me know, we will help you for sure!