Think about a file sitting on your laptop. If someone steals that laptop, the file is theirs to read. Unless you scrambled it first. That's what cryptography does for stored data: it turns readable files into nonsense that only someone with the right key can unscramble. This topic covers how that scrambling works, the different flavors of encryption algorithms, and how to actually run encryption yourself using a tool called OpenSSL.
How Encryption Protects Files
The whole point of cryptography is to hide information so that only the right people can read it. A cryptographic algorithm is the recipe that spells out exactly how to scramble and unscramble data.
Two key processes do the work:
- Encryption takes readable information and hides it.
- Decryption reverses the encryption to get the original information back.
So if you encrypt a file with your bank statements and then someone steals your hard drive, all they see is garbled output. Without the right key, they can't decrypt it back into anything useful.

Plaintext, Ciphertext, and Keys
Every encryption algorithm needs two ingredients: the data you want to hide and a key. The algorithm combines them to produce scrambled output.
- Plaintext: the original, readable information going into the algorithm
- Ciphertext: the scrambled output that comes out the other side
- Key: a secret value the algorithm uses to do the scrambling
Think of plaintext as the message "Meet me at 5pm," ciphertext as something like 8f3a9b2c1d..., and the key as the password that makes the scrambling work. Without the key, even someone who knows exactly which algorithm you used can't easily get the plaintext back.
Keyspace and Why It Matters
The keyspace is the total number of possible keys an encryption algorithm could use. If an attacker doesn't know your key, one option they have is to just try every possible key until one works. This is called a brute force attack.
A bigger keyspace means more keys to try, which means more time to crack. A key that's 128 bits long has possible values. That's a number with 39 digits. Even with massive computing power, brute forcing a 128-bit key would take longer than the age of the universe. That's why key length matters so much.
Symmetric vs Asymmetric
Algorithms get sorted into two big categories based on how many keys they use.
- Symmetric encryption uses the same key to encrypt and decrypt. If you encrypt a file with the key hunter2, you need that same hunter2 to decrypt it. Fast and efficient, but you have to find a safe way to share the key with anyone who needs it.
- Asymmetric encryption uses two different keys. One key encrypts, and a different key decrypts. This solves the key-sharing problem but is slower.
For protecting files on your own device, symmetric encryption is usually the go-to because it's faster and you don't need to share the key with anyone else.
Block vs Stream
Algorithms also get classified by how they chew through data.
- Block encryption processes data in fixed-size chunks called blocks. Feed it a block of plaintext, and it spits out a block of ciphertext. If your data isn't a perfect multiple of the block size, the algorithm pads it out.
- Stream encryption processes data continuously, one bit or byte at a time, as it flows through. Good for situations like live audio or video where data is arriving in a stream.
A quick way to keep these straight: block ciphers work like a factory stamping out boxes of fixed size, while stream ciphers work like water flowing through a pipe.
AES: The Standard Symmetric Algorithm
When real systems encrypt files, Wi-Fi traffic, or web sessions, the algorithm doing the work is almost always AES, the Advanced Encryption Standard. It's the most common symmetric encryption algorithm in use today.
You'll find AES protecting:
- Wi-Fi transmissions (WPA2 and WPA3 use AES)
- Internet browsing (HTTPS connections often use AES under the hood)
- File encryption on disks (full-disk encryption tools like BitLocker and FileVault rely on AES)
- Hardware-level encryption built into modern CPUs
How AES Works at a High Level
AES is a symmetric key block cipher. Breaking down what that means:
- Symmetric: same key encrypts and decrypts
- Block cipher: operates on fixed-size chunks
- AES specifically uses 128-bit blocks, which is 16 bytes at a time
AES doesn't lock you into one key length. It supports keys of different lengths: 128 bits, 192 bits, or 256 bits. Longer keys are more secure because the keyspace is bigger, but they also take more time to encrypt and decrypt. For most everyday uses, 128-bit AES is plenty strong. For highly sensitive data, people often go with 256-bit.
Computer-based encryption algorithms like AES operate on binary data, meaning they're working with the raw 1s and 0s that make up your file. They don't care whether the file is a photo, a PDF, or a text document. It's all just bits to AES.
Encrypting and Decrypting Files in Practice
You have a few options for actually running AES on a file:
- Command line tools like OpenSSL, where you type commands directly
- Specialized software like AES Crypt, an open source app with a simple interface
- Web-based tools that let you encrypt files in a browser
For the AP course, you should know how to use OpenSSL on the command line.
Encrypting a File with OpenSSL
Say you have a file called test that you want to encrypt. Here's the command:
```
openssl enc -aes-128-cbc -e -in test -k password -out test.enc
```
Breaking this down piece by piece:
- `openssl enc` calls the OpenSSL encryption tool
- `-aes-128-cbc` picks the algorithm: AES with a 128-bit key, using CBC mode
- `-e` says "encrypt" (as opposed to decrypt)
- `-in test` is the input file (your plaintext)
- `-k password` provides the password that the key is derived from
- `-out test.enc` is the output file (your ciphertext)
After running this, you'll have a new file called test.enc that contains the encrypted version. If you try to open it in a text editor, you'll see scrambled junk instead of your original content.
One thing worth noticing: you don't hand OpenSSL the raw key directly. You give it a password, and OpenSSL derives the key from that password. The actual key the AES algorithm uses gets generated from your password behind the scenes.
Decrypting the File
To get your original file back, run almost the same command with one change:
```
openssl enc -aes-128-cbc -d -in test.enc -k password -out text
```
The differences:
- `-d` instead of `-e` tells OpenSSL to decrypt
- `-in test.enc` is now the encrypted file
- `-out text` is where the decrypted plaintext gets written
You have to use the exact same password you used to encrypt. Since AES is symmetric, the same key (derived from the same password) handles both directions. Mistype the password and you'll get either an error or a file full of garbage, because the wrong key produces wrong output.
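The password-to-key step and the wrong-password behavior described above, as an added example that is not part of the original page. It assumes OpenSSL 1.1.1 or later; the file names, both passwords and the iteration count are constructed for the demo. It also checks the block padding discussed earlier by predicting the ciphertext size.

```shell
#!/usr/bin/env bash
# Added example; file names, passwords and the iteration count are constructed.
WORK=$(mktemp -d)
printf 'Meet me at 5pm\n' > "$WORK/test"        # 15-byte plaintext
export ENC_PASS='correct horse battery staple'  # right password
export WRONG_PASS='hunter2'                     # wrong password

# Encrypt $1 into $2. -pbkdf2/-iter stretch the password into the AES key, and
# -pass env: keeps the password itself off the openssl command line.
encrypt() {
  openssl enc -aes-128-cbc -e -pbkdf2 -iter 100000 -salt \
    -in "$1" -out "$2" -pass env:ENC_PASS
}

# Decrypt $1 into $2 using the password stored in the variable named by $3.
decrypt() {
  openssl enc -aes-128-cbc -d -pbkdf2 -iter 100000 \
    -in "$1" -out "$2" -pass "env:$3" 2>/dev/null
}

# Succeeds only if decrypting $1 with the password in $2 reproduces file $3.
recovers() {
  decrypt "$1" "$WORK/out.tmp" "$2" && cmp -s "$WORK/out.tmp" "$3"
}

# Size openssl enc writes for file $1: a 16-byte salt header plus the plaintext
# padded up to the next full 16-byte AES block.
expected_size() {
  n=$(wc -c < "$1")
  echo $(( 16 + (n / 16 + 1) * 16 ))
}

encrypt "$WORK/test" "$WORK/test.enc"
encrypt "$WORK/test" "$WORK/test2.enc"

echo "ciphertext bytes: $(wc -c < "$WORK/test.enc") (expected $(expected_size "$WORK/test"))"
recovers "$WORK/test.enc" ENC_PASS "$WORK/test" && echo "right password: plaintext recovered"
recovers "$WORK/test.enc" WRONG_PASS "$WORK/test" || echo "wrong password: error or garbage"
cmp -s "$WORK/test.enc" "$WORK/test2.enc" || echo "same input, different ciphertext (random salt)"
```

`openssl enc` in CBC mode does not authenticate the ciphertext, so a wrong password is caught only by the padding check; that is why the result is occasionally garbage rather than an error.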
Other Tools for the Same Job
OpenSSL isn't your only option. AES Crypt is an open source tool with a graphical interface that does the same encryption with AES but feels more like a normal app. You right-click a file, pick "AES Encrypt," type a password, and you're done. There are also web-based tools where you upload a file in a browser and get back the encrypted version.
The underlying math is identical across all these tools. What changes is just the interface. Behind the scenes, they're all running AES on your data.
Putting the Concepts Together
Here's how the vocabulary connects when you encrypt a real file:
- Your file (test) is the plaintext.
- Your password gets turned into a key.
- AES is the cryptographic algorithm, and it's symmetric and a block cipher.
- The algorithm processes your file in 128-bit blocks.
- The output (test.enc) is the ciphertext.
- To decrypt, you run the same algorithm with the same key and get your plaintext back.
The strength of all this depends on the keyspace. A 128-bit AES key gives an attacker possibilities to try, which is why AES has held up as the standard for decades. As long as you pick a strong password and keep it secret, your encrypted files are safe even if an attacker physically grabs them.
Vocabulary
The following words are mentioned explicitly in the College Board Course and Exam Description for this topic.

Term | Definition |
|---|---|
Advanced Encryption Standard (AES) | The most common symmetric encryption algorithm used to secure data in Wi-Fi transmissions, internet browsing, file encryption, and hardware-level encryption. |
AES Crypt | An open-source specialized software tool that can encrypt and decrypt files using AES encryption. |
asymmetric encryption | A cryptographic method that uses a pair of keys (public and private) to encrypt and decrypt data, where the public key encrypts and the private key decrypts. |
binary data | Data represented in the form of 0s and 1s that encryption algorithms operate on. |
block cipher | A symmetric encryption algorithm that encrypts data in fixed-size blocks, such as AES which operates on 128-bit blocks. |
block encryption | A cryptographic method that processes information in fixed-size chunks called blocks, producing one output block for each input block. |
ciphertext | The encrypted output produced by an encryption algorithm when plaintext is combined with a key. |
cryptographic algorithm | A mathematical process that defines how to encrypt and decrypt information using a key. |
cryptography | The practice of using algorithms and keys to hide information and protect it from unauthorized access. |
decryption | The process of reversing encryption to retrieve the original information from ciphertext. |
encryption | A security technique that converts data into an unreadable format to prevent unauthorized access if data are stolen or intercepted. |
encryption key | A string of bits used in a cryptographic algorithm to encrypt and decrypt data. |
key | A predefined value used in a cryptographic algorithm to encrypt and decrypt information. |
keyspace | The total number of possible keys that can be used in an encryption algorithm; a larger keyspace increases security by making brute-force attacks more difficult. |
OpenSSL | A command-line tool used to perform asymmetric encryption and decryption operations, as well as generate and manage cryptographic keys. |
plaintext | The original, unencrypted information that is input into an encryption algorithm. |
stream encryption | A cryptographic method that processes input information continuously, producing output one element at a time. |
symmetric encryption | A cryptographic method that uses the same key to both encrypt and decrypt information. |