Encryption is an essential step in cybersecurity that protects confidential information by turning it into scrambled gibberish. This ensures attackers can’t understand it, and only trusted individuals can make it understandable again.
Encryption comes in different types, with different security and access properties. The two main ones are:
- Symmetric, which uses a single key for encryption and decryption.
- Asymmetric, which relies on pairs of connected keys called a public key and private key. This means a different key is used for the encryption and decryption processes.
Asymmetric or public-key cryptography is an increasingly popular method used in modern technology. Here, we’ll explain how public and private key pairs work, and why they’ve become such a widely used form of encryption.
What are encryption keys?
First, let’s establish what a “key” is. In cryptography, it’s a tool that can turn readable data into something indecipherable. It’s not, as it may sound, a plot device in Indiana Jones. Instead, an encryption key – or cryptographic key – is usually a string of numbers and letters. It’s processed through an encryption algorithm to convert unencrypted data (plaintext) into seemingly random output (aka ciphertext).
Do you ever chat with your friends on a secure messaging app? Maybe you’ve seen a lock icon in your browser or address bar while shopping online? Do you use 1Password? 😊 Then you’ve used encryption keys before. Apps will usually generate and call upon these keys automatically, so you never have to remember or type them in.
Private keys vs. public keys
You can think of public and private keys like interlocking puzzle pieces – they’re mathematically linked to one another and designed to go together.
As the name implies, the public key can be shared publicly, usually in a repository or directory. On the other hand, a private key should always be kept secret and safe. It’s used to decrypt data that’s been encrypted with your public key. Unlike a traditional password, it’s never known or stored by the person you’re talking to, or the app or service you’re trying to access.
An example of how it works
Public-key cryptography is used in a number of places, like HTTPS websites and cryptocurrency transactions. To understand how it works in practice, let’s look at end-to-end encrypted messaging as an example.
Person A and Person B sign up for the latest secure messenger app. When they create their accounts, each person receives a public and private key pair. The public key is stored on the messenger’s server, while the private key is stored on the account holder’s devices.
Person A writes a message, encrypts it with Person B’s public key (available on the server), and then sends it.
The message passes through intermediaries – the messenger’s servers, Wi-Fi access points, ISP, and more – but only Person B can decrypt it with their matching private key.
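The exchange above in working code, as an added example that is not part of the original post and not 1Password’s code: Person B’s key pair is generated locally, only the public key is published, Person A encrypts with it (RSA-OAEP is assumed here; the post names no algorithm), and an intermediary holding its own unrelated key pair cannot open the message.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Recipient models Person B: the private key is generated and kept on B's own
// device; only the public half is uploaded to the messenger's server.
type Recipient struct{ priv *rsa.PrivateKey }

func NewRecipient() (*Recipient, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Recipient{priv: priv}, nil
}

// PublicKey is the part that is safe to publish for senders to fetch.
func (r *Recipient) PublicKey() *rsa.PublicKey { return &r.priv.PublicKey }

// Seal is Person A's step: encrypt with B's public key using RSA-OAEP (SHA-256).
// Anyone holding the public key can do this; only the private key reverses it.
func Seal(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// Open is Person B's step, run on B's device with the matching private key.
func (r *Recipient) Open(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, ciphertext, nil)
}

func main() {
	bob, _ := NewRecipient()
	relay, _ := NewRecipient() // an intermediary with its own, unrelated key pair
	ct, _ := Seal(bob.PublicKey(), []byte("meet at 10")) // constructed sample message
	fmt.Printf("on the wire: %x...\n", ct[:8])           // intermediaries see only this
	pt, _ := bob.Open(ct)
	fmt.Println("Bob reads:", string(pt))
	_, err := relay.Open(ct)
	fmt.Println("intermediary's key decrypts it:", err == nil)
}
```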
How encryption is used in passwordless
In the traditional sign-in process, we submit a username and password to sign in to online accounts. The website then checks that the submitted password matches the hashed password stored on its server.
Emerging passwordless solutions, like passkeys, use asymmetric encryption. When you create an account on a supported device or website, a public key is stored on the app or website’s server, and a corresponding private key is stored on your device.
When you return to sign in, the app or website issues a “challenge” encrypted with your public key. Your device uses the matching private key to create a digital signature and sends the signed challenge back to the provider, which authorizes you after it successfully verifies the signature with your public key. Only then are you authenticated and signed in.
This approach has several advantages. First, you don’t have to share your private key to sign in. Second, you don’t have to remember or type in your private key, as your device or preferred authenticator does it for you! Passwordless technology will likely grow more prevalent in the coming years, in part due to these safer encryption methods at the heart of it.
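The sign-in flow above as an added example (not code from the original post or from 1Password): the server stores only the public key from registration, issues a fresh random challenge, and verifies the device’s signature over it with that public key; the challenge is retired after one use so a captured signature cannot be replayed. Ed25519 is assumed as the signature scheme, and a real passkey would also bind the website’s origin into what gets signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Server keeps only the public key each user's device registered at sign-up,
// plus the one outstanding challenge per user; it never sees a private key.
type Server struct {
	registered map[string]ed25519.PublicKey
	pending    map[string][]byte
}

func NewServer() *Server {
	return &Server{registered: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

func (s *Server) Register(user string, pub ed25519.PublicKey) { s.registered[user] = pub }

// Challenge issues fresh random bytes for one sign-in attempt.
func (s *Server) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[user] = c
	return c, nil
}

// Verify checks sig with the stored public key against the outstanding challenge.
func (s *Server) Verify(user string, sig []byte) error {
	pub, c := s.registered[user], s.pending[user]
	delete(s.pending, user) // single use either way, so a captured signature cannot be replayed
	if pub == nil || c == nil || !ed25519.Verify(pub, c, sig) {
		return errors.New("no outstanding challenge or signature does not verify")
	}
	return nil
}

// Device is the authenticator: it holds the private key and releases only signatures.
type Device struct{ priv ed25519.PrivateKey }

func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv}, pub, err
}

func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }
```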
1Password and public key encryption
1Password is designed from the ground up with maximum security in mind. All the data you save in 1Password is protected by a private key that uses 256-bit AES encryption.
To decrypt your data, you need three things:
- Your encrypted data
- Your account password
- Your Secret Key
A major reason we’re “secure by design” is that your account password and Secret Key are never stored on our servers. This means we couldn’t read your stored items if we tried. And if an attacker somehow stole your encrypted data from our servers, they wouldn’t have the means to decrypt it.
If you want to learn more about our security model, read the 1Password Security Design white paper. If you’re curious about any more specific details, or want to ask a question related to our security or privacy practices, you can also head over to 1Password Support.