Encoding vs Encryption

BySecumantra Updated:May 1, 2020February 10, 2024

Welcome to Secumantra! In this post, we will try to understand the difference between encryption and encoding, which is sometimes misunderstood by many developers.

Both encoding and encryption transform the data so that it can be easily consumed by another party. Although both are doing data transformation, purpose and the approach of encoding and encryption is totally different from one another. Let us understand one by one.

Encoding

First of all, let us make it clear that encoding is not for keeping secrecy. Once this is understood, everything will be easy to understand. Encoding is the process of transforming data from one form to other for better usability and can be easily converted back knowing the encoding scheme. For example, data transmitted over the internet required a specific format and URL encoding. Examples – ASCII, base64 encoding used in json web tokens (JWT).

As such encoding uses publicly available algorithms (sometimes referred as schemes) to transform the data and encoded data can be easily transformed back into its original form. So it does not guarantee any data confidentiality as security is not the primary goal of encoding. It is actually used for better data handling with different scenarios.

Encryption

The main purpose of the encryption is to transform the data in such a manner that secrecy is maintained. Original data is scrambled using algorithms and secret keys in such a way that any unintended audience is not able to make any sense out of it. Only specific audience (having a secret key) will understand the underlying message. So encryption transforms data in such a way that guarantees confidentiality.

Encryption is generally used when sensitive data needs to be shared between two parties. It cannot be reversed easily and one needs to know the secret key to decrypt the original message.

Sometimes original data is referred as ‘plain text’ and encrypted form is referred as ‘cipher text’. Although we mainly talk here about recent algorithms and usage in modern web applications, encryption has been there from thousand years. There are mainly two types of encryption used these days, symmetric and asymmetric. We will discuss this later in a separate topic.

Summary

Encryption is for sharing confidential information and involves a secret key whereas encoding is just for better data handling using publicly known schemes.

Hope you understood the basics of encoding and encryption. Thank you for reading and we will meet again with a new topic. Stay Safe, Stay Secure!

Application Security | OWASP | Vulnerability

What is OWASP and OWASP Top Ten?

BySecumantra June 20, 2020July 5, 2021

Welcome to Secumantra! In this post, we will learn what OWASP is and what it offers. As we are mainly talking about web application security on this blog, let’s get familiar with OWASP and OWASP Top Ten. We will frequently refer this for next few blog posts and discuss related topics. OWASP and OWASP Top…

Application Security | Data Security | OWASP | Vulnerability

OWASP Top Ten: Insecure Deserialization

BySecumantra August 30, 2020November 27, 2020

Welcome to Secumantra! In this post, we’re going to talk about the number eight vulnerability from OWASP Top Ten – Insecure Deserialization. OWASP (Open Web Application Security Project) is a nonprofit foundation that works to improve the security of software. OWASP Foundation is globally recognized by developers as the first step towards more secure coding. It…

Application Security

The OAuth 2.0 Flows – Part I

BySecumantra May 30, 2020July 13, 2020

The OAuth 2.0 framework is a delegation protocol specifically designed for authorization workflows. In this post, we will try to understand different flows (OAuth grant types) for clients to obtain the authorization grant. OAuth 2.0 Roles and Terminologies Let us revisit few important OAuth terminologies and entities involved in the workflows. OAuth defines four major…

Application Security | OWASP | Vulnerability

OWASP Top 10 – Using Components With Known Vulnerabilities

BySecumantra August 20, 2020November 27, 2020

Welcome to Secumantra! In this post, we’re going to talk about the number nine vulnerability from OWASP Top Ten – Using Components With Known Vulnerabilities. OWASP (Open Web Application Security Project) is a nonprofit foundation that works to improve the security of software. OWASP Foundation is globally recognized by developers as the first step towards more…

Application Security

JWT – Everything you need to know!

BySecumantra May 5, 2020July 14, 2021

Welcome to Secumantra! In this post, we are going to understand what exactly is JWT and why JWTs are so popular in web applications these days. So let’s get started – Introduction and Purpose JWT stands for JSON Web Token and mainly used in OAuth workflows. These tokens are kind of protected data structures and…

Application Security | Cyber Security | Data Security

Top 7 Security Tips for End Users

BySecumantra June 15, 2020July 23, 2020

Welcome to Secumantra! In this post, we will understand some important security tips to protect ourselves and our families from being a victim of a potential online fraud. Security awareness has become very important in modern world when most of us are connected to internet and are working from home due to current pandemic situation….

Similar Posts