Encryption and Decryption

[This feature was first implemented for MSXML 5.0.]

Encryption translates data from an intelligible format to an unintelligible one. Decryption is the process in reverse. Confidentiality is achieved if encrypted data can be decrypted only by the intended reader.

There are two ways to encrypt data. Symmetric encryption uses a shared key that is used in both encryption and decryption. Confidentiality is maintained as long as the key is known only to the sender and the recipient. It is nearly impossible to keep the shared key secret when the key must be distributed frequently and widely through different means.

Asymmetric encryption uses public and private key pairs. Data becomes confidential when the sender encrypts it with the public key of the intended recipient and the receiver decrypts it with a private key. Key management is simple as long as the public key is certifiable by a reputable certificate authority (CA).

Encryption and decryption are used in digital signature as well. In this case, however, the role of public and private keys are reversed, and the transformations are usually applied against a digest of the data.