█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Data Leakage Prevention/Encryption Fundamentals
50 minIntermediate

Encryption Fundamentals

After this lesson, you will be able to: Understand symmetric/asymmetric encryption and encrypt files hands-on with Python.

Encryption converts readable plaintext into ciphertext using a key. Done right, it makes leaked data useless to the attacker. This lesson covers the math at a conceptual level and gets you encrypting files with Python's `cryptography` library.

Prerequisites:Data Classification

Symmetric vs asymmetric

Symmetric (AES), one key encrypts and decrypts. Fast, ideal for bulk data. Problem: how do you share the key? Asymmetric (RSA, ECC), keypair: public encrypts, private decrypts. Slow but solves key sharing. Used to wrap symmetric keys (TLS, S/MIME).

💡 Encryption at rest vs in transit

At rest: AES-256 on disks, S3 bucket encryption, full-disk encryption (BitLocker, FileVault). In transit: TLS 1.3 for network traffic. Both are required for most compliance frameworks.

Encrypt a file in Python

Using the `cryptography` library, install with `pip install cryptography`.

python
from cryptography.fernet import Fernet
# 1. Generate a key (save this securely!)
key = Fernet.generate_key()
f = Fernet(key)
# 2. Encrypt
with open('secret.txt', 'rb') as src:
plaintext = src.read()
ciphertext = f.encrypt(plaintext)
with open('secret.txt.enc', 'wb') as dst:
dst.write(ciphertext)
# 3. Decrypt
with open('secret.txt.enc', 'rb') as src:
decrypted = f.decrypt(src.read())
print(decrypted)

💡 Key management is everything

If the key leaks, encryption is moot. Real systems use HSMs (Hardware Security Modules) or KMS (AWS KMS, Google Cloud KMS) to never expose raw keys to applications.

Hashing is not encryption

SHA-256, bcrypt, argon2 are one-way functions, used for passwords, integrity. You cannot 'decrypt' a hash. Confusing the two is a classic interview trap.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Data Classification
Back to Data Leakage Prevention
Data Loss Prevention Tools and Strategies→