InfoSec Notes
Understanding the fundamental processes of encryption and decryption, their differences, step-by-step operations, and practical applications in modern information security.
Core Concepts
Encryption and decryption are two complementary processes that form the foundation of cryptographic protection:
- Encryption: Transforms readable data (plaintext) into an unreadable format (ciphertext)
- Decryption: Reverses encryption, converting ciphertext back to original plaintext
The Encryption/Decryption Process
=====================================
ENCRYPTION
Plaintext + Key + Algorithm → Ciphertext
"Hello World" + K + AES → "x7#@!9kL..."
DECRYPTION
Ciphertext + Key + Algorithm → Plaintext
"x7#@!9kL..." + K + AES → "Hello World"
Properties
- Encryption is a reversible transformation
- Without the correct key, decryption is computationally infeasible
- The algorithm can be public (Kerckhoffs' Principle)
- Security resides entirely in the key
Step-by-Step Encryption Example
Caesar Cipher (Classical)
def demonstrate_encryption_decryption():
"""Step-by-step encryption and decryption demonstration."""
# === CAESAR CIPHER (Simple substitution) ===
print("=" * 50)
print("CAESAR CIPHER - Step by Step")
print("=" * 50)
plaintext = "SECURITY"
key = 7 # Shift value
print(f"\nPlaintext: {plaintext}")
print(f"Key (shift): {key}")
print(f"\nEncryption process:")
print(f"{'Char':<6}{'ASCII':<8}{'Shifted':<10}{'Result'}")
print("-" * 35)
ciphertext = ""
for char in plaintext:
original = ord(char) - ord('A')
shifted = (original + key) % 26
encrypted_char = chr(shifted + ord('A'))
ciphertext += encrypted_char
print(f"{char:<6}{original:<8}{shifted:<10}{encrypted_char}")
print(f"\nCiphertext: {ciphertext}")
# Decryption
print(f"\nDecryption process (reverse shift by {key}):")
decrypted = ""
for char in ciphertext:
original = ord(char) - ord('A')
shifted = (original - key) % 26
decrypted_char = chr(shifted + ord('A'))
decrypted += decrypted_char
print(f"Decrypted: {decrypted}")
print(f"Match: {decrypted == plaintext}")
demonstrate_encryption_decryption()AES Encryption (Modern)
Encryption vs Decryption Comparison
| Aspect | Encryption | Decryption |
|---|---|---|
| Input | Plaintext + Key | Ciphertext + Key |
| Output | Ciphertext | Plaintext |
| Purpose | Protect data from unauthorized reading | Recover original data for authorized users |
| Direction | Plaintext → Ciphertext | Ciphertext → Plaintext |
| Who performs | Sender / Data owner | Receiver / Authorized user |
| Computational cost | Similar to decryption | Similar to encryption |
| Failure impact | Data may be double-encrypted | Data corruption or error |
Types of Encryption
Encryption Classification
============================
By Key Type
├── Symmetric (same key for encrypt/decrypt)
│ ├── AES-256-GCM (recommended)
│ ├── ChaCha20-Poly1305
│ └── (Deprecated: DES, 3DES, RC4)
│
└── Asymmetric (different keys for encrypt/decrypt)
├── RSA (2048+ bits)
├── ECC/ECDH
└── ElGamal
By Data State
├── Encryption at Rest (stored data)
│ ├── Full Disk Encryption (BitLocker, LUKS)
│ ├── File-level encryption
│ └── Database TDE
│
├── Encryption in Transit (moving data)
│ ├── TLS 1.3 (web)
│ ├── IPSec (network)
│ └── SSH (remote access)
│
└── Encryption in Use (processing)
├── Homomorphic encryption
├── Secure enclaves
└── Confidential computing
Common Encryption Mistakes
# BAD: Using ECB mode (patterns visible)
# cipher = Cipher(algorithms.AES(key), modes.ECB()) # NEVER DO THIS
# BAD: Reusing IV/nonce with same key
# iv = b"\x00" * 16 # NEVER use static IV
# BAD: Using deprecated algorithms
# cipher = Cipher(algorithms.TripleDES(key), modes.CBC(iv)) # Deprecated
# BAD: Hardcoding keys in source code
# key = b"my_secret_key_123456789012345678" # NEVER hardcode
# GOOD: Proper encryption practices
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
def encrypt_properly(plaintext: bytes, key: bytes) -> dict:
"""Proper encryption with authenticated encryption."""
# Generate random nonce for each encryption
nonce = os.urandom(12)
# Use authenticated encryption (GCM)
aesgcm = AESGCM(key)
ciphertext = aesgcm.encrypt(nonce, plaintext, None)
return {"nonce": nonce, "ciphertext": ciphertext}
def decrypt_properly(nonce: bytes, ciphertext: bytes, key: bytes) -> bytes:
"""Proper decryption with authentication verification."""
aesgcm = AESGCM(key)
return aesgcm.decrypt(nonce, ciphertext, None)Interview Questions
- What happens if you encrypt data twice with two different keys?
- Double encryption creates two layers of protection. To decrypt, you must apply decryption in reverse order with the correct keys. This is the basis of 3DES (which applies DES three times). However, double encryption with the same algorithm doesn't always double the security (meet-in-the-middle attack).
- Can encrypted data be compressed effectively?
- No. Good encryption produces output that appears random with high entropy. Compression works by finding patterns and redundancy — encrypted data has neither. Always compress BEFORE encrypting, never after.
- What is the difference between encoding, encryption, and hashing?
- Encoding transforms data format (Base64, URL encoding) — no security, easily reversible. Encryption transforms data for confidentiality — requires a key to reverse. Hashing creates a one-way fingerprint — cannot be reversed, used for integrity verification.
- Why must an IV/nonce be unique for every encryption operation?
- Reusing IV/nonce with the same key in stream-based modes (CTR, GCM) produces the same keystream. XORing two ciphertexts cancels the keystream, revealing XOR of plaintexts. In CBC mode, reuse leaks whether two messages share common prefixes.
- Explain the concept of authenticated encryption and why it matters.
- Authenticated encryption (AES-GCM, ChaCha20-Poly1305) provides both confidentiality and integrity in a single operation. Without authentication, an attacker can modify ciphertext and the recipient won't detect the tampering. Bit-flipping attacks and padding oracle attacks exploit unauthenticated encryption.
Summary
Encryption and decryption are complementary operations that together provide confidentiality for data. Modern best practices require authenticated encryption (AES-GCM or ChaCha20-Poly1305), proper key management, unique IVs/nonces, and appropriate key sizes. Understanding both processes is essential for implementing cryptographic protections correctly and avoiding common pitfalls that lead to security vulnerabilities.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Encryption vs Decryption.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, cryptography, encryption, decryption, encryption vs decryption
Related Information Security Topics