How to know what should be protected by Cryptography in a Site? [closed]

1

I wonder how I can define / know whether a site I'm going to develop needs to be "cryptographically protected". Of course, excluding the obvious cases, such as card data in an e-commerce site, for example.

I do not think that all content on a website needs to be encrypted, right? If this is the case, taking an e-commerce site as an example, how do I know what should or should not be encrypted?

I think in this case, the product data does not need it, since it is publicly accessible, but the customer's personal data needs to be encrypted, right? If so, which models / encryption types should be used? Because somehow the employees of the "virtual store" have certain access to my main data (such as name, address, cell number, etc.).

The same goes for a bank, they have access to my information while I also own it. In that case, do they use RSA Encryption? That is, can I Encrypt / Decrypt, whereas they can only Decrypt? If this is the case, how is "Key Management"? Do they get "pure" in the Bank, or in a file? Or do they (not just a Banking Institution, but any Company) use some method that only allows them and the client to access the Keys?

Finally, how do I know what I should or should not Encrypt, and how do I get both sides to access Encrypted information when it's needed? And in that case, how to take care of Key Security?

Note: I'm ignoring the cases where the information is actually encrypted with End-to-End Encryption, because in these cases, it is clear that only the end user has access to their personal data.

    
asked by anonymous 12.11.2017 / 21:31

0 answers