# Encryption software

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Encryption_software
> Markdown URL: https://mediated.wiki/source/Encryption_software.md
> Source: https://en.wikipedia.org/wiki/Encryption_software
> Source revision: 1346591102
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Software that uses cryptography

**Encryption software** is [software](/source/Software) that uses [cryptography](/source/Cryptography) to prevent unauthorized access to digital information.[1][2] Cryptography is used to protect digital information stored on [computers](/source/Computers) as well as information transmitted over computer networks such as the [Internet](/source/Internet).[3]

## Classification

Many software products provide encryption. Encryption software uses a [cipher](/source/Cipher) to transform plaintext into [ciphertext](/source/Ciphertext). One way to classify this type of software is by the type of cipher used. Ciphers can be divided into two categories: [public key](/source/Public-key_cryptography) ciphers (also known as asymmetric ciphers), and [symmetric key](/source/Symmetric_key_algorithm) ciphers.[4] Encryption software can be based on either public key or symmetric key encryption.

Another way to classify software encryption is to categorize its purpose. Using this approach, software encryption may be classified into software which encrypts "[data in transit](/source/Data_in_transit)" and software which encrypts "[data at rest](/source/Data_at_rest)". Data in transit generally uses public key ciphers, and data at rest generally uses symmetric key ciphers.

Symmetric key ciphers can be further divided into stream ciphers and block ciphers. Stream ciphers typically encrypt plaintext a bit or byte at a time, and are most commonly used to encrypt real-time communications, such as audio and video information. The key is used to establish the initial state of a keystream generator, and the output of that generator is used to encrypt the plaintext. Block cipher algorithms split the plaintext into fixed-size blocks and encrypt one block at a time. For example, AES processes 16-byte blocks, while its predecessor DES encrypted blocks of eight bytes.
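The two modes of operation described above can be compared side by side in the following Python sketch, which is an added example and not part of the original article. The keystream generator (HMAC-SHA256 over a counter) is an illustrative stand-in for a real stream cipher, the block half shows only the padding and splitting that precede per-block encryption, and all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes


def keystream(key, nonce):
    """Yield keystream bytes; key and nonce set the generator's initial state.

    HMAC-SHA256 over a counter stands in for a real cipher's state update.
    """
    counter = 0
    while True:
        yield from hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1


def stream_xor(key, nonce, data):
    """Encrypt or decrypt one byte at a time; output length equals input length."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, nonce)))


def pkcs7_pad(data, block=BLOCK):
    """Pad to a whole number of blocks; an aligned input gains a full block."""
    n = block - len(data) % block
    return data + bytes([n]) * n


def pkcs7_unpad(data, block=BLOCK):
    """Validate and strip PKCS#7 padding."""
    if not data or len(data) % block:
        raise ValueError("not a whole number of blocks")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def split_blocks(data, block=BLOCK):
    """Return the fixed-size blocks a block cipher would process one at a time."""
    padded = pkcs7_pad(data, block)
    return [padded[i:i + block] for i in range(0, len(padded), block)]
```

A 21-byte message stays 21 bytes under `stream_xor` but becomes two 16-byte blocks under `split_blocks`, and an input that is already exactly 16 bytes also becomes two blocks because a full padding block is appended.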

## Data in transit

Data in transit is data that is being sent over a [computer network](/source/Computer_network). When the data is between two endpoints, any confidential information may be vulnerable. The payload (confidential information) can be encrypted to secure its confidentiality, as well as its integrity and validity.[5]

Often, the data in transit is between two entities that do not know each other, such as in the case of visiting a website. To establish trust and securely share encryption keys between parties, a framework of roles, policies, and procedures known as the [public key infrastructure](/source/Public_key_infrastructure) (PKI) has been developed. Once PKI has established a secure connection, a symmetric key can be shared between endpoints. A symmetric key is preferred over public-key encryption for bulk data transfer as a symmetric cipher is much more efficient (uses fewer CPU cycles) than an asymmetric cipher.[6][7] There are several methods for encrypting data in transit, such as [IPsec](/source/IPsec), [SCP](/source/Secure_copy), [SFTP](/source/SSH_File_Transfer_Protocol), [SSH](/source/Secure_Shell), [OpenPGP](/source/OpenPGP) and [HTTPS](/source/HTTPS).

## Data at rest

Data at rest refers to data stored on [persistent storage](/source/Persistent_storage). Data at rest is generally encrypted by a [symmetric key](/source/Symmetric-key_algorithm).

Encryption may be applied at different layers in the storage stack. For example, encryption can be configured at the [disk](/source/Disk_storage) layer, on a subset of a disk called a [partition](/source/Disk_partitioning), on a [volume](/source/Volume_(computing)), which is a combination of disks or partitions, at the layer of a [file system](/source/File_system), or within [user space](/source/User_space) applications such as [database](/source/Database_encryption) or other applications that run on the host [operating system](/source/Operating_system).

With full disk encryption, the entire disk is encrypted (except for the bits necessary to boot or access the disk when not using an unencrypted boot/preboot partition).[8] As disks can be partitioned into multiple partitions, partition encryption can be used to encrypt individual disk partitions.[9] Volumes, created by combining two or more partitions, can be encrypted using [volume encryption](/source/Volume_encryption).[10] File systems, also composed of one or more partitions, can be encrypted using [filesystem-level encryption](/source/Filesystem-level_encryption). A directory is considered encrypted when the files it contains are encrypted.[11][12] File encryption encrypts a single file. Database encryption acts on the data to be stored, accepting unencrypted information and writing that information to persistent storage only after it has encrypted the data. Device-level encryption, a somewhat vague term that includes encryption-capable tape drives, can be used to offload the encryption tasks from the CPU.

## Transit of data at rest

When data at rest must be transmitted securely but no secure connection can be created, user space tools that support this need can be used. These tools rely upon the receiver publishing their public key, and the sender being able to obtain that public key. The sender creates a symmetric key to encrypt the information, and then uses the receiver's public key to securely protect the transmission of the information and the symmetric key. This allows secure transmission of information from one party to another.
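The sender and receiver roles described above (and the public-key-then-symmetric-key pattern in the "Data in transit" section) are shown in the following Python sketch, which is an added example and not part of the original article or of any tool it mentions. It uses the RSA-KEM form of the idea: the sender wraps a fresh random secret under the receiver's public key and hashes that secret into the symmetric keys. SHAKE-256 as keystream and HMAC-SHA256 as integrity tag are stand-ins chosen to stay within the standard library, the pure-Python RSA arithmetic is not constant-time, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=40):  # Miller-Rabin primality test
    if n < 15 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(c):
            return c

def generate_keypair(bits=2048, e=65537):
    """Receiver: returns public (n, e) and private (n, d)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _derive(r, n, length):  # -> (32-byte MAC key, `length` keystream bytes)
    okm = hashlib.shake_256(r.to_bytes((n.bit_length() + 7) // 8, "big")).digest(32 + length)
    return okm[:32], okm[32:]

def seal(public, plaintext):
    """Sender: fresh random secret per message, wrapped under the public key."""
    n, e = public
    r = secrets.randbelow(n - 2) + 2
    mac_key, stream = _derive(r, n, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return pow(r, e, n), body, hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(private, wrapped, body, tag):
    """Receiver: unwrap the secret, verify the tag, then decrypt."""
    n, d = private
    mac_key, stream = _derive(pow(wrapped, d, n), n, len(body))
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, stream))
```

Only the wrapped secret is processed with the slow public-key operation; the message body, whatever its size, is handled by the symmetric half, and a modified body is rejected before any decryption takes place.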

## Performance

The performance of encryption software is measured relative to the speed of the CPU. Thus, **cycles per byte** (sometimes abbreviated **cpb**), a unit indicating the number of [clock cycles](/source/Clock_cycles) a [microprocessor](/source/Microprocessor) will need per [byte](/source/Byte) of data processed, is the usual [unit of measurement](/source/Unit_of_measurement).[13] Cycles per byte serve as a partial indicator of real-world [performance](/source/Algorithmic_efficiency) in [cryptographic](/source/Cryptographic) [functions](/source/Function_(computer_science)).[14] Applications may offer their own encryption, often called native encryption, including database applications such as Microsoft SQL, Oracle, and MongoDB, and commonly rely on direct usage of CPU cycles for performance. This often affects the desirability of encryption for businesses seeking greater security and easier compliance, because it affects the speed and scale at which data moves within organizations and through to their partners.[15]
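One way to obtain a cycles-per-byte figure is sketched below in Python, as an added example that is not part of the original article. It times hash functions from the standard library (which ships no ciphers) and converts the best run to cpb; the 3.0 GHz clock is an assumed nominal value, and because real clocks scale up and down under load the result is only an estimate.

```python
import hashlib
import time


def cycles_per_byte(elapsed_s, n_bytes, clock_hz):
    """cpb = clock cycles spent / bytes processed."""
    return elapsed_s * clock_hz / n_bytes


def measure_cpb(name, clock_hz, size=1 << 24, repeats=5):
    """Best-of-N timing of one hashlib algorithm over a `size`-byte buffer."""
    data = bytes(size)
    best = float("inf")
    for _ in range(repeats):
        h = hashlib.new(name)
        start = time.perf_counter()
        h.update(data)
        h.digest()
        best = min(best, time.perf_counter() - start)  # least-disturbed run
    return cycles_per_byte(best, size, clock_hz)


def compare(names=("sha256", "sha3_256", "blake2b"), clock_hz=3.0e9):
    """Return {algorithm: estimated cpb}; clock_hz is an assumed nominal clock."""
    return {name: measure_cpb(name, clock_hz) for name in names}
```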

## See also

- [Code as speech](/source/Code_as_speech)

- [Cryptographic Protocol](/source/Cryptographic_protocol)

- [Public Key (Asymmetric) Algorithms](/source/Public-key_cryptography)

- [Symmetric Algorithms](/source/Symmetric-key_algorithm)

- [Transport Layer Security](/source/Transport_Layer_Security)

- [Comparison of disk encryption software](/source/Comparison_of_disk_encryption_software)

- [Defense strategy (computing)](/source/Defense_strategy_(computing))

- [Ransomware](/source/Ransomware): Malicious software using encryption

## References

1. Thakur, Dinesh (5 May 2013). ["Cryptography - What is Cryptography?"](https://web.archive.org/web/20170327170456/http://ecomputernotes.com/computernetworkingnotes/security/cryptography). Archived from [the original](http://ecomputernotes.com/computernetworkingnotes/security/cryptography) on 27 March 2017. Retrieved 27 March 2017.

2. ["What is encryption? - Definition from WhatIs.com"](http://searchsecurity.techtarget.com/definition/encryption). *SearchSecurity*. Retrieved 25 April 2017.

3. ["Why We Encrypt - Schneier on Security"](https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html). 23 June 2015.

4. Chandra, Sourabh; Paira, Smita; Alam, Sk Safikul; Sanyal, Goutam (Nov 2014). "A comparative survey of Symmetric and Asymmetric Key Cryptography". *2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE)*. IEEE. pp. 83–93. [doi](/source/Doi_(identifier)):[10.1109/ICECCE.2014.7086640](https://doi.org/10.1109%2FICECCE.2014.7086640). [ISBN](/source/ISBN_(identifier)) [978-1-4799-5748-4](https://en.wikipedia.org/wiki/Special:BookSources/978-1-4799-5748-4). [S2CID](/source/S2CID_(identifier)) [377667](https://api.semanticscholar.org/CorpusID:377667).

5. ["Guide to Cryptography - OWASP"](https://web.archive.org/web/20140407071624/https://www.owasp.org/index.php/Guide_to_Cryptography). Archived from [the original](https://www.owasp.org/index.php/Guide_to_Cryptography) on 2014-04-07. Retrieved 2017-03-27.

6. Villanueva, John Carl (2025). ["Symmetric vs Asymmetric Encryption"](https://web.archive.org/web/20170327170307/http://www.jscape.com/blog/bid/84422/Symmetric-vs-Asymmetric-Encryption). Archived from [the original](http://www.jscape.com/blog/bid/84422/Symmetric-vs-Asymmetric-Encryption) on 2017-03-27. Retrieved 2017-03-27.

7. ["Symmetric vs. Asymmetric Encryption - CipherCloud"](https://web.archive.org/web/20180815164104/https://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/). 4 October 2013. Archived from [the original](https://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/) on 15 August 2018. Retrieved 27 March 2017.

8. ["How Whole Disk Encryption Works"](https://web.archive.org/web/20170323052718/http://www.kapalya.com/wp-content/uploads/2016/02/how_wholedisk_encryption_works_WP_21158817.en-us.pdf) (PDF). Archived from [the original](http://www.kapalya.com/wp-content/uploads/2016/02/how_wholedisk_encryption_works_WP_21158817.en-us.pdf) (PDF) on 2017-03-23. Retrieved 2017-03-27.

9. ["How to encrypt a single partition in Linux - TechRepublic"](https://www.techrepublic.com/article/how-to-encrypt-a-single-partition-in-linux/). 19 October 2016.

10. ["What is Volume Encryption"](http://web.archive.org/web/20160617191702/http://www.jetico.com:80/web_help/bcve3_enterprise/html/01_introduction/02_what_is_ve.htm). *www.jetico.com*. Archived from [the original](http://www.jetico.com:80/web_help/bcve3_enterprise/html/01_introduction/02_what_is_ve.htm) on 2016-06-17. Retrieved 2026-02-08.

11. ["How IT Works: Encrypting File System"](https://technet.microsoft.com/en-us/library/2006.05.howitworks.aspx).

12. ["PDS Software Solutions LLC"](https://web.archive.org/web/20180719194744/https://www.trustpds.com/). Archived from [the original](https://www.trustpds.com/) on 2018-07-19. Retrieved 2017-03-27.

13. ["Processor allocation"](http://publib.boulder.ibm.com/infocenter/systems/scope/hw/index.jsp?topic=/iphb1/iphb1_vios_planning_sea_procs.htm).

14. ["Engineering comparison of SHA-3 candidates"](https://web.archive.org/web/20191013051919/http://skein-hash.info/sha3-engineering). Archived from [the original](http://skein-hash.info/sha3-engineering) on 2019-10-13. Retrieved 2019-09-24.

15. ["Businesses fail to apply encryption technology effectively"](https://www.computerweekly.com/news/252455881/Businesses-fail-to-apply-encryption-technology-effectively). *ComputerWeekly.com*. Retrieved 2020-04-23.


---
Adapted from the Wikipedia article [Encryption software](https://en.wikipedia.org/wiki/Encryption_software) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Encryption_software?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
