Encryption

Encryption is the commonly used term for the transformation of plaintext, using an algorithm called a "cipher", into a form that is unreadable to anyone except those possessing a "key". The result of the process is encrypted information, or "ciphertext".

"Enciphering" and "deciphering" are the correct terms when you know the cipher and key. "Decrypt" actually means to decode a message when you do not know the cipher (key), such as in codebreaking.

Full Disk Encryption does not replace file or directory encryption in all situations. Disk encryption is sometimes used in conjunction with filesystem-level encryption with the intention of providing a more secure implementation. Since disk encryption uses the same key for encrypting the whole volume, all data are decryptable while the system is running. If an attacker gains access to the computer at run-time, they have access to all files. Conventional file and folder encryption instead allows different keys for different portions of the disk. Thus an attacker cannot extract information from still-encrypted files and folders.

Filesystem-Level Encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption, where the entire partition or disk in which the file system resides is encrypted.

The advantages of filesystem-level encryption include:
  • flexible file-based key management, so that each file can be, and usually is, encrypted with a separate encryption key
  • individual management of encrypted files, e.g. incremental backups of the individual changed files even in encrypted form, rather than backup of the entire encrypted volume
  • access control that can be enforced through the use of public-key cryptography
  • cryptographic keys that are held in memory only while the file they decrypt is held open.
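The contrast between a single volume key and per-file keys can be modelled in a few lines. This is an added example, not code from the original page: `PerFileStore`, `VolumeStore`, `exposed` and the sample files are hypothetical names, and `xor_stream` is a standard-library stand-in for a real cipher such as AES-GCM. It shows what a run-time memory snapshot reveals under each scheme.

```python
import hashlib, hmac, secrets

def xor_stream(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream); a real system would use a vetted AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class PerFileStore:
    """Filesystem-level model: a random key per file, wrapped under the user's key."""
    def __init__(self):
        self.disk = {}      # name -> (nonce, wrapped file key, ciphertext)
        self.resident = {}  # name -> key currently held in memory

    def write(self, name, plaintext, user_key):
        file_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        wrapped = xor_stream(user_key, b"wrap" + nonce, file_key)
        self.disk[name] = (nonce, wrapped, xor_stream(file_key, nonce, plaintext))

    def open(self, name, user_key):   # user_key unwraps the file key, never stored
        nonce, wrapped, _ = self.disk[name]
        self.resident[name] = xor_stream(user_key, b"wrap" + nonce, wrapped)

    def close(self, name):            # the key leaves memory with the file handle
        self.resident.pop(name, None)

class VolumeStore(PerFileStore):
    """Full-disk model: one volume key covers every file while the system runs."""
    def write(self, name, plaintext, volume_key):
        nonce = secrets.token_bytes(16)
        self.disk[name] = (nonce, b"", xor_stream(volume_key, nonce, plaintext))
        self.resident[name] = volume_key

def exposed(store):
    """Plaintexts recoverable from a run-time snapshot of the resident keys."""
    return {n: xor_stream(k, store.disk[n][0], store.disk[n][2])
            for n, k in store.resident.items()}

def demo():
    files = {"payroll.csv": b"salary data", "notes.txt": b"meeting notes"}  # constructed
    user_key, volume_key = secrets.token_bytes(32), secrets.token_bytes(32)
    fde, fle = VolumeStore(), PerFileStore()
    for name, data in files.items():
        fde.write(name, data, volume_key)
        fle.write(name, data, user_key)
    fle.open("notes.txt", user_key)   # only this file is in use
    return exposed(fde), exposed(fle)
```

`demo()` returns both files for the full-disk model and only `notes.txt` for the per-file model; after `close("notes.txt")` the per-file snapshot is empty.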