Encryption and digital signatures
Encryption and digital signatures use mathematical processes for somewhat diferent purposes. Both have been in use for many years.
Encryption (also called cryptography) is intended to transform a document (usually text) into a format that cannot be read without having the right tool (a “key”).
Digital signatures use similar tools to ensure either (or both) that the originator of the document is the person who “signed” it and that the document has not been modified after it has been signed.
Why is this an issue?
As activities migrate to cyberspace, it has become essential to protect the confidentiality of valuable and sensitive data, i.e. the ability to read such data is restricted to a limited number of authorized individuals.
Similarly, it has become important to be able to demonstrate that the data’s integrity, i.e. that the data has not been modified by an unauthorized third party.
What you should do about it
A private individual (as against a corporate entity) should consider several different situations:
- The encryption of some or all the documents in a computer or smartphone so that, should the device be stolen or lost, the personal information in the device is not readable by the new “owner”. While an expert having the knowledge, tools and time can break such encryption a casual thief or finder will most likely give up
- The use of encryption in everyday activities, such as electronic mail is good to ensure the privacy of such communication However, given that it has been reported that there are surveillance mechanisms that track electronic communications, the use of encryption – totally legal – draws attention to the parties to such exchanges. As a result, it is prudent to remember that electronic mail is essentially the same as sending a machine-readable postcard and you would not put the details of your credit card on a postcard, would you?
- The use of digital signatures is advisable when there is a risk of dispute about the authenticity and/or accuracy of a document or transaction
If you need to provide sensitive information such as a credit card number to someone you really trust, instead of encryption you could apply the technique described in 4.8 on condition you use words other than the ones you use to encode your PINs.
Finding encryption and digital signature tools is relatively easy. Your favourite search engine should be your best friend