Generally when someone wants to encrypt a file, folder or email they use a password to protect it. Many people use Microsoft Office Suite's inbuilt encryption which is part of Word, Excel, Access and PowerPoint. Another commonly used application is WinZip which holds multiple files and can be password-protected.
While such options are fast, simple and often free, they do not offer the greatest security in the world. People frequently choose short passwords, write them down and even include them in an email or as part of a secondary email, which in turn facilitates password cracking, interception of the password in the email or someone seeing the password on a Post-it note.
So what other option is there? Key-based encryption. It might cost a bit more and be hard to set up but, once set up, it can often be easier to use than entering a password. And what is a key file? It is a file which contains many characters: lower case, upper case, numbers and special characters. Key files vary in size but often they are over 1000 characters long.
Most people protect data using a basic password of about 8 to 12 characters and generally this can be cracked by various methods which can take weeks, days, hours or even minutes. The more characters, the higher the number of possible combinations. Imagine if you could protect your data with a password of 1024 characters.
Let’s do some maths. Say the key file contained: lower case alphabet (26), upper case alphabet (26) and numbers (10). That is 62 characters to choose from at each of 1024 positions, or 62^1024 possible combinations. The calculation is too long to even contemplate and would take thousands of years to break.
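The maths above carried through, as an added example that is not part of the original article: it generates a 1024-character key text from the 62-character alphabet and compares the search space with 8- and 12-character passwords. It assumes every character is drawn independently and uniformly at random, and the guess rate is an assumed figure for illustration only.

```python
import math
import secrets
import string

# The article's alphabet: lower case (26) + upper case (26) + digits (10) = 62.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e12  # assumption for illustration, not a measurement


def generate_key_text(length=1024, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def keyspace_bits(alphabet_size, length):
    """log2 of alphabet_size ** length: the search space expressed in bits."""
    return length * math.log2(alphabet_size)


def keyspace_digits(alphabet_size, length):
    """Number of decimal digits in the exact combination count."""
    return len(str(alphabet_size ** length))


def log10_years_to_exhaust(alphabet_size, length, rate=ASSUMED_GUESSES_PER_SECOND):
    """log10 of the years needed to try every combination at the given rate.

    Computed in log space because 62 ** 1024 overflows a float.
    """
    log10_seconds = length * math.log10(alphabet_size) - math.log10(rate)
    return log10_seconds - math.log10(SECONDS_PER_YEAR)


if __name__ == "__main__":
    for length in (8, 12, 1024):
        print(f"{length:>5} chars: {keyspace_bits(62, length):8.1f} bits, "
              f"{keyspace_digits(62, length):>5} decimal digits, "
              f"10^{log10_years_to_exhaust(62, length):.1f} years to exhaust")
    print(generate_key_text()[:32] + "...")  # first 32 of 1024 random characters
```

The figures only hold when the characters come from a cryptographic random source such as `secrets`; text typed or chosen by a person has a far smaller effective search space than its length suggests.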
Below is a sample of a public key. More about public/private keys in another article.
To encrypt and decrypt a file you need to have the key file on hand, otherwise the file is totally useless and would be nearly impossible to decrypt. To decrypt and encrypt, the key file would have to be installed on the PC. An email channel could be set up so that both parties have the key installed to make encrypting/decrypting at both ends ultra simple, secure and fast.
Using key-based encryption means one-box encryption and it’s impossible to lose the password. Key files can be used to encrypt folders, files, emails, hard drives and even entire USB devices. A stolen document which is protected by a password can be broken; a file which is key file encrypted is, if found, pretty much useless. The main concern is the backing up of the key file and making it secure. If the key file is lost (e.g. a hard drive fails) then your data is worthless. It is therefore best practice to store a copy of the key file offsite, perhaps even in paper form in a safe or on an isolated IT system.