# About data encryption

## Overview

Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

Data can be encrypted in two ways: at rest and in transit.

## Encryption at rest

Encryption at rest refers to the encryption of data storage, whether in a database, on a disk, or on some other form of media.

Examples of encryption at rest include:

- BitLocker disk encryption
- macOS FileVault
- Database encryption
- VeraCrypt

## Encryption in transit

Encryption in transit refers to data that is encrypted as it traverses a network, including via web applications, smartphone apps, chats, and so on. Data is in transit from the point at which it leaves the storage drive or database until it's re-saved or delivered to its destination. Protecting information in transit guards against others attempting to snoop or eavesdrop on it as it traverses the network.

Examples of encryption in transit include:

### Symmetric key algorithms

Symmetric key algorithms use related, often identical keys to both encrypt and then decrypt information. In practice, this is known mostly as a shared secret between two or more parties.

### Asymmetric key algorithms

Asymmetric key algorithms use different keys to encrypt and decrypt information; one key encrypts (or locks) while the other decrypts (or unlocks). In practice, this is known mostly as a public/private key; the public key can be shared openly, but the private key should not be. In most cryptographic systems, it is extremely difficult to determine the private key values based on the public key.

Using public/private keys, the lock/unlock algorithm can work in two ways. For example, Alice can encrypt a message with Bob's public key and then send it to Bob; only the holder of Bob's private key should be able to decrypt and read the message. Conversely, Alice could encrypt a message with her own private key. Anyone in the world could read that message, but they could also use Alice's public key to verify that it must have come from Alice.
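The two directions described above, as an added example that is not part of the original page. It uses Node.js's built-in `crypto` module, with RSA-OAEP for encrypting to Bob and an RSA-PSS signature for the "encrypt with her own private key" case; the padding schemes, the 2048-bit key size, and all function names are assumptions chosen for this illustration.

```javascript
const crypto = require('crypto');

// Constructed key pairs for the two parties named in the text.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const alice = newKeyPair();
const bob = newKeyPair();

// Padding choices are assumptions of this example, not something the page specifies.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST };

// Direction 1 (confidentiality): anyone can encrypt to the recipient's public key.
function encryptFor(recipientPublicKey, plaintext) {
  return crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

// Only the matching private key decrypts; any other key yields null.
function decryptWith(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch {
    return null;
  }
}

// Direction 2 (authenticity): only the sender's private key can produce the signature.
function signAs(senderPrivateKey, message) {
  return crypto.sign('sha256', Buffer.from(message, 'utf8'), { key: senderPrivateKey, ...PSS });
}

// Anyone holding the sender's public key can check origin and integrity.
function verifyFrom(senderPublicKey, message, signature) {
  return crypto.verify('sha256', Buffer.from(message, 'utf8'), { key: senderPublicKey, ...PSS }, signature);
}

// Runs both directions plus the failure cases a recipient must handle.
function demo() {
  const message = 'constructed sample message';
  const ciphertext = encryptFor(bob.publicKey, message);
  const signature = signAs(alice.privateKey, message);
  return {
    bobReads: decryptWith(bob.privateKey, ciphertext),     // holder of Bob's private key
    aliceReads: decryptWith(alice.privateKey, ciphertext), // wrong private key
    genuine: verifyFrom(alice.publicKey, message, signature),
    tampered: verifyFrom(alice.publicKey, message + '!', signature),
    wrongSigner: verifyFrom(bob.publicKey, message, signature),
  };
}
console.log(demo());
```

The signed message itself travels in the clear, which matches the text: a signature proves origin and integrity, not confidentiality.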

Common technologies that rely on public key cryptography include TLS/SSL and S/MIME.

For more, see Public-key cryptography.

*This is document* bgpo *in the Knowledge Base.*

*Last modified on* 2021-06-01 12:15:42*.*