How to know what should be protected by Encryption on a Site?

I would like to know how I can determine whether a site I will develop needs to be "protected by encryption". Of course, excluding obvious cases such as card data in an e-commerce site, for example.

I guess not all the content of a website needs to be encrypted, right? If this is the case, taking an e-commerce site as an example, how do I know what should be encrypted and what should not?

I think that in this case the product data does not need to be, since it is publicly accessible, but the personal data of the customers needs to be encrypted, right? If so, what models/types of encryption do you use? Because somehow the employees of the "virtual store" have certain access to my main data (such as name, address, mobile number, etc.).

The same goes for a Bank: they have access to my information at the same time that I do. In this case, do they use RSA Encryption? That is, I can Encrypt/Decrypt, while they can only Decrypt? If this is the case, what about "Key Management"? Are they played "pure" in the Bank, or in a file? Or do they (not just a Banking Institution, but any Company) use some method that enables only them and the customer to access the Keys?

Finally, how do I know what I should or shouldn't encrypt, and how do I get both sides to access Encrypted information when necessary? And in this case, how do I take care of Key Security?

Note: I am ignoring the cases where information is actually Encrypted with End-to-End Encryption, because in such cases it is clear that only the end user has access to their personal data.

  • I do not agree that my question is too broad, although I agree that I have asked more than one question at the same time.

No answers
