encryption
process of changing plain text into cipher text
cipher text
data after encryption
plain text
data before encryption
public key
an encryption key that is shared with everyone involved in the process
private key
- an encryption key that is not shared with anyone
- it is used to decrypt data that was encrypted with its matching public key
similarities between private and public key
both used in asymmetric encryption
a pair of keys is required//matching pair
both are hashing algorithms
difference between private and public keys
private key is only known to the owner of the key pair, public key is available for everyone
public key is for encryption, private key is for decryption
purpose of encryption
to provide better security,
ensure the authenticity of the message
non-repudiation, neither sender nor receiver can deny the transmission’s occurrence
symmetric encryption
one key is used for both encryption and decryption
asymmetric encryption
two different keys are used for encryption and decryption, one private and one public.
- the message to be sent is encrypted using the receiver’s public key
- the message is decrypted using the receiver’s matching private key
- as the receiver is the only one with that private key, only the receiver can read the message.
explain the difference between symmetric and asymmetric encryption
- Symmetric cryptography uses a single key to encrypt and decrypt messages, Asymmetric cryptography uses two.
- The symmetric key is shared, whereas with asymmetric, only the public key is shared (and the private key isn’t).
- …asymmetric encryption is more secure.
- Symmetric cryptography is a simple process that can be carried out quickly, but asymmetric is more complex, so slower.
- The length of the keys in symmetric encryption are (usually) shorter than those for asymmetric (128/256 bits v 2048 bits).
security concerns for encryption
confidentiality = the receiver should be the only one to decipher the cipher text
authenticity = the receiver should be certain who sent the ciphertext
integrity = ensuring the cipher text has not been altered during transmission
handshake
when a device initiates communication with another device
handshake protocol
requests from the server its SSL certificate which is a digital certificate that confirms its identity. a session key is established that is used for the duration of the connection.
long answer:
client requests server’s digital certificate and public key
client validates certificate and sends their certificate (if requested)
client sends an encrypted message to the server (using server’s public key) to establish session key
session begins
security parameters determined during the handshake protocol
- which protocol will be used
- session ID (uniquely identifies the messages sent)
- encryption method
- compression method to be used
secure socket layer (SSL) protocol
when a user logs onto a website, SSL encrypts the data and only the client’s computer and the webserver are able to make sense of what is being transmitted
initiates handshake protocol
during this process the client and browser establish a session key that they use for the duration of their connection
ssl process
handshake protocol first establishes a connection and confirms identity - the client browser requests its SSL certificate (a digital certificate confirming its identity) and its public key
- if the digital certificate is valid (checks cert through list of certificate authorities) then the session is created, if it is invalid the website is rejected.
client browser then creates and sends the server a symmetric session key using the server’s public key
server uses their private key to decrypt the session key, and sends an acknowledgement (encrypted)
- the session key is used to encrypt the data throughout session
function of ssl
created to reassure a user when a client-server application is underway. its purpose is:
- Encryption of data
- Compression of data
- Integrity checking of data
transport layer security (TLS)
provides secure communication over a network.
maintains data integrity and adds a layer of security (more secure than SSL)
composed of two layers - record protocol and handshake protocol
record protocol (not in spec?)
contains the data being transmitted over the network
differences between SSL and TLS
it’s possible to extend TLS by adding new authentication methods unlike SSL
TLS separates the handshaking process from the record protocol layer where all data is held
examples of when ssl/tls is used:
banking
private/secure email
online shopping
secure file transfer
using a social networking site - audio chatting, instant messaging.
digital signature
an agreed hash function is applied to a message (creating a digest), which is then encrypted using the sender’s private key to form a digital signature. used to identify a sender
digital signature process
- Cryptographic one-way hashing algorithm (agreed upon hashing algorithm) is used on the message to create a message digest
- The sender’s private key is then used to encrypt the message digest, which becomes the digital signature.
- the message and digital signature are encrypted with the receiver’s public key (asymmetric), and are sent
- The receiver decrypts the message and digital signature using the receiver’s private key (asymmetric)
- the digital signature is then decrypted with the sender’s public key to recover the message digest
- The receiver uses the same hash function on the decrypted message and compares the two
- If they are identical, the sender’s identity is verified and the message has not been altered.
