Encryption is a fundamental concept in cryptography that involves the process of converting plaintext (readable and understandable data) into ciphertext (encoded and unintelligible data) using a mathematical algorithm and an encryption key. The primary purpose of encryption is to ensure the confidentiality and privacy of sensitive information during transmission or storage.
In the encryption process:
1. **Plaintext:** This is the original, readable data that is to be protected. It could be a message, a file, or any form of digital information.
2. **Encryption Algorithm:** An encryption algorithm is a set of mathematical rules and procedures that transform the plaintext into ciphertext. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple DES.
3. **Encryption Key:** The encryption key is a piece of information used by the encryption algorithm to perform the transformation. The key determines the specific pattern and method by which the plaintext is converted into ciphertext. The strength of the encryption often depends on the length and randomness of the key.
4. **Ciphertext:** This is the result of the encryption process—the transformed and encoded data that appears random and is indecipherable without the corresponding decryption key.
Encryption serves several important purposes in the field of cryptography:
- **Confidentiality:** The primary goal of encryption is to keep information confidential and secure from unauthorized access. Even if an unauthorized party intercepts the ciphertext, they should be unable to understand or decipher it without the correct decryption key.
- **Integrity:** Encryption helps ensure the integrity of data by providing a means to detect any unauthorized modifications. If the ciphertext is altered, the decryption process will produce incorrect results, alerting the recipient to potential tampering.
- **Authentication:** In some encryption scenarios, the use of digital signatures or authenticated encryption helps verify the origin and authenticity of the encrypted data.
- **Secure Communication:** Encryption is widely used to secure communication over networks, such as the internet. Protocols like HTTPS (HTTP Secure) use encryption to protect the confidentiality of data transmitted between a web browser and a web server.
- **Data-at-Rest Protection:** Encryption is applied to data stored on devices or servers, ensuring that even if physical access is gained, the data remains protected from unauthorized viewing.
In summary, encryption is a crucial tool in the field of cryptography, providing a means to safeguard the confidentiality, integrity, and authenticity of sensitive information in various digital environments.
2. Table of Contents
Introduction to Encryption.
Types of Encryption.
Symmetric Encryption.
Advanced Encryption Standard (AES).
Asymmetric Encryption.
RSA Algorithm.
Digital certificate management methods.
Public key infrastructure (PKI).
Conclusion
3. Introduction to Encryption
What is Encryption?
Encryption is a fundamental concept in computer security that involves the transformation of information or data
into a coded form to prevent unauthorized access or interception. The purpose of encryption is to ensure the
confidentiality and integrity of sensitive data as it is transmitted or stored. It is a crucial component in securing
communication channels and protecting information from being accessed by unauthorized parties.
In the process of encryption, the original data, known as plaintext, is transformed using an algorithm and an
encryption key to produce ciphertext. The ciphertext is a scrambled or unreadable version of the original data.
The encryption key is essential for the encryption process, and only individuals with the corresponding
decryption key can revert the ciphertext back to its original plaintext form.
4. Types of Encryption
There are mainly two types of encryption:
Symmetric Encryption
Asymmetric Encryption
5. Symmetric Encryption
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both
encrypt and decrypt electronic data. The entities communicating via symmetric encryption must
exchange the key so that it can be used in the decryption process.
By using symmetric encryption algorithms, data is "scrambled" so that it can't be understood by
anyone who does not possess the secret key to decrypt it. Once the intended recipient who
possesses the key has the message, the algorithm reverses its action so that the message is returned
to its original readable form. The secret key that the sender and recipient both use could be a
specific password/code or it can be a random string of letters or numbers that has been generated
by a secure random number generator (RNG). For banking-grade encryption, the symmetric keys
must be created using an RNG that is certified according to industry standards, such as FIPS 140-2.
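The secret-key scheme described on this slide, together with the "authenticated encryption" the introduction names as the way to detect modification of ciphertext, as an added Python example that is not part of the original slides. It uses only the standard library: the shared key comes from the operating system's CSPRNG via secrets, and a toy stream cipher keyed with HMAC-SHA256 stands in for AES (an assumption made so the block runs without third-party packages; it is a teaching construction, not a vetted cipher). The encrypt-then-MAC layout (nonce || ciphertext || tag), the nonce and tag sizes, the subkey labels and the sample message are all constructed for this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length


def generate_key() -> bytes:
    """A 256-bit secret key from the OS CSPRNG (the 'secure RNG' the slide refers to)."""
    return secrets.token_bytes(32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the shared secret so one key
    # is never used for two purposes.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: keystream block i = HMAC-SHA256(enc_key, nonce || i).
    # This stands in for AES purely so the example runs with the standard library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first, decrypt only if it matches. Raises ValueError on any modification."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication tag mismatch: message was modified or key is wrong")
    return _xor(ciphertext, _keystream(_subkey(key, b"enc"), nonce, len(ciphertext)))


def decrypt_without_tag_check(key: bytes, blob: bytes) -> bytes:
    """Decryption alone, ignoring the tag: shows that the cipher by itself does not notice tampering."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return _xor(ciphertext, _keystream(_subkey(key, b"enc"), nonce, len(ciphertext)))


def demo() -> dict:
    key = generate_key()                 # shared out-of-band by sender and recipient
    message = b"PAY 100 TO ALICE"        # constructed sample plaintext
    blob = encrypt(key, message)
    # Simulate one corrupted bit in transit: flip the low bit of the first ciphertext byte.
    corrupted = bytearray(blob)
    corrupted[NONCE_LEN] ^= 0x01
    corrupted = bytes(corrupted)
    try:
        decrypt(key, corrupted)
        tag_rejected = False
    except ValueError:
        tag_rejected = True
    return {
        "round_trip_ok": decrypt(key, blob) == message,
        "ciphertext_len": len(blob) - NONCE_LEN - TAG_LEN,
        "unauthenticated_output": decrypt_without_tag_check(key, corrupted),
        "tag_rejected": tag_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

decrypt_without_tag_check is in the block to make the integrity point concrete: the corrupted message decrypts to a plausible-looking but wrong plaintext ("QAY 100 TO ALICE") with no error at all, whereas decrypt rejects it before returning anything. The tag, not the cipher, is what lets the recipient detect modification; this is what the introduction's "authenticated encryption" bullet refers to, and real deployments get it from an AEAD mode such as AES-GCM rather than a hand-built pairing.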
7. Disadvantage of Symmetric Encryption
Key Distribution: One of the significant challenges with symmetric encryption is key distribution.
Since the same key is used for both encryption and decryption, securely sharing the key between
the communicating parties becomes crucial. If an unauthorized party intercepts the key during
distribution, it compromises the security of the entire system.
Key Management: In addition to distribution, managing and securely storing symmetric keys can
be complex, especially in large-scale systems. As the number of users increases, the challenges
associated with key management also grow. Regularly changing and updating keys to enhance
security adds another layer of complexity.
Scalability: Symmetric encryption becomes less scalable as the number of users or devices
involved in communication increases. In a scenario where each pair of communicating entities
needs a unique symmetric key, the number of keys grows quadratically with the number of
participants, making key management more challenging.
9. Asymmetric Encryption
Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of
related keys -- one public key and one private key -- to encrypt and decrypt a message and protect
it from unauthorized access or use.
A public key is a cryptographic key that can be used by any person to encrypt a message so that it
can only be decrypted by the intended recipient with their private key. A private key -- also known
as a secret key -- is shared only with the key's initiator.
When someone wants to send an encrypted message, they can pull the intended recipient's public
key from a public directory and use it to encrypt the message before sending it. The recipient of the
message can then decrypt the message using their related private key.
If the sender encrypts the message using their private key, the message can be decrypted only using
that sender's public key, thus authenticating the sender. These encryption and decryption processes
happen automatically; users do not need to physically lock and unlock the message.
Many protocols rely on asymmetric cryptography, including the transport layer security (TLS) and
secure sockets layer (SSL) protocols, which make HTTPS possible.
11. Advantage of Asymmetric Encryption
Key distribution: Eliminates the need for key exchange.
Security: Private keys are never sent or disclosed, making it difficult for unauthorized users to
access data.
Digital signatures: Enables recipients to confirm the origin of a message.
Authentication: Provides authentication and non-repudiation.
Key management: Simplifies key management because each party can keep their own private key
secure and share their public key freely.
Secure key exchange: Allows parties to use each other's public keys to encrypt and share their
symmetric keys.
12. RSA Algorithm
The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it works
on two different keys, i.e. a public key and a private key. As the name describes, the public key is
given to everyone and the private key is kept private.
RSA was invented by Rivest, Shamir and Adleman of MIT.
It is widely used for secure data transmission.
The RSA algorithm is an example of public key cryptography.
RSA algorithm consists of following steps:
Key generation.
Encryption
Decryption
13. RSA Algorithm
Generating the public key:
• Select two prime numbers. Suppose P = 53 and Q = 59.
• Now the first part of the public key: n = P*Q = 3127.
• We also need a small exponent e: e must be an integer with 1 < e < Φ(n) that shares no factor with Φ(n), i.e. gcd(e, Φ(n)) = 1.
• Our public key is made of n and e.
Generating the private key:
• We need to calculate Φ(n): Φ(n) = (P-1)(Q-1), so Φ(n) = 52*58 = 3016.
• Now calculate the private key d: d = (k*Φ(n) + 1) / e for some integer k that makes d a whole number. For k = 2, d = (2*3016 + 1) / 3 = 2011.
Now we are ready with our public key (n = 3127 and e = 3) and private key (d = 2011). Now we will
encrypt "HI":
• Convert letters to numbers: H = 8 and I = 9, so the message is m = 89.
• Thus the encrypted data is c = m^e mod n = 89^3 mod 3127.
• Thus our encrypted data comes out to be 1394.
• Now we will decrypt 1394:
• Decrypted data = c^d mod n = 1394^2011 mod 3127.
• Thus our decrypted data comes out to be 89.
• 8 = H and 9 = I, i.e. "HI".
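The worked computation on this slide, as an added Python example (not code from the slides): generate_keypair reproduces the slide's n, Φ(n) and d from P = 53, Q = 59 and e = 3 (the modular inverse from pow gives the same d = 2011 as the slide's (k*Φ(n) + 1) / e), and encrypt/decrypt apply c = m^e mod n and m = c^d mod n. It also shows the reverse direction from the asymmetric-encryption slide, where the private key signs and the public key verifies. The function names and the letter-to-number helpers are assumptions for this example; this is unpadded "textbook" RSA with toy primes, which demonstrates the arithmetic only, whereas deployed RSA uses large primes and a padding scheme such as OAEP or PSS.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 3):
    """Textbook RSA key generation in the slide's notation:
    n = P*Q, Φ(n) = (P-1)(Q-1), d = e^-1 mod Φ(n). Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < Φ(n) and gcd(e, Φ(n)) = 1")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); e*d ≡ 1 (mod Φ(n))
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """c = m^e mod n; the message must be an integer smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m: int) -> int:
    """Apply the private exponent: only the key holder can produce this value."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, signature: int) -> bool:
    """Anyone with the public key can check that signature^e mod n recovers m."""
    n, e = public_key
    return pow(signature, e, n) == m


def encode_letters(text: str) -> int:
    # The slide's toy encoding: A=1 ... Z=26 written as concatenated digits, so "HI" -> 89.
    # Only unambiguous for letters A-I (single digits); it is not a real message encoding.
    return int("".join(str(ord(ch) - ord("A") + 1) for ch in text))


def decode_letters(m: int) -> str:
    return "".join(chr(ord("A") + int(digit) - 1) for digit in str(m))


if __name__ == "__main__":
    public, private = generate_keypair(53, 59, e=3)
    print("public key", public, "private key", private)   # (3127, 3) and (3127, 2011)
    m = encode_letters("HI")
    c = encrypt(public, m)
    print("m =", m, "c =", c, "decrypted:", decode_letters(decrypt(private, c)))
    s = sign(private, m)
    print("signature", s, "verifies:", verify(public, m, s))
```

The check in generate_keypair is the precise form of the slide's condition on e: it must share no factor with Φ(n), otherwise no d exists and pow raises. The sign/verify pair is the same exponentiation with the roles of the keys swapped, which is why a valid signature proves possession of the private key.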
14. RSA Algorithm
Advantage:
Very fast, very simple encryption and verification.
Easier to implement than elliptic curve cryptography.
Easier to understand.
Widely deployed, better industry support.
Disadvantage:
Very slow key generation.
Slow decryption, which is slightly tricky to implement securely.
15. Digital Certificate Management Methods
A digital certificate is a file or electronic password that proves the authenticity of a device, server,
or user through the use of cryptography and the public key infrastructure (PKI). Digital certificate
authentication helps organizations ensure that only trusted devices and users can connect to their
networks.
Digital certificate management plays a crucial role in ensuring the security of digital
communications. There are several methods and standards employed in cryptography for digital
certificate management. Here are some key aspects and methods:
Public Key Infrastructure (PKI)
X.509 Standard
Certificate Signing Request (CSR)
Revocation
Key Pair Generation and Storage
Renewal
Automated Certificate Management
Multi-Factor Authentication
Containerized Environments
16. Public Key Infrastructure (PKI)
The Public key infrastructure (PKI) is the set of hardware, software, policies, processes, and
procedures required to create, manage, distribute, use, store, and revoke digital certificates and
public-keys. PKIs are the foundation that enables the use of technologies, such as digital
signatures and encryption, across large user populations. PKIs deliver the elements essential for
a secure and trusted business environment for e-commerce and the growing Internet of Things
(IoT).
PKIs help establish the identity of people, devices, and services – enabling controlled access to
systems and resources, protection of data, and accountability in transactions. Next generation
business applications are becoming more reliant on PKI technology to guarantee high assurance,
because evolving business models are becoming more dependent on electronic interaction
requiring online authentication and compliance with stricter data security regulations.
Here are some key components and concepts associated with Public Key Infrastructure:
Public and Private Keys:
Each entity in a PKI system has a pair of cryptographic keys: a public key and a private key.
The public key is shared openly and is used for encryption and verifying digital signatures.
The private key is kept secret and is used for decryption and creating digital signatures.
17. Public Key Infrastructure (PKI)
Digital Certificates:
Digital certificates bind a public key to an individual, device, or service, providing a way to verify
the authenticity of the public key.
Certificates are issued by trusted entities known as Certificate Authorities (CAs). CAs verify the
identity of the certificate holder before issuing a certificate.
Certificate Authorities (CAs):
CAs are trusted third-party organizations responsible for issuing, revoking, and managing digital
certificates.
Registration Authorities (RAs):
RAs are entities that work with CAs to verify the identity of individuals or entities before a
certificate is issued.
Certificate Revocation Lists (CRLs): CRLs are lists maintained by CAs that contain information about
certificates that have been revoked before their expiration date.
Public and Private Key Infrastructure: The public key infrastructure involves the
distribution and management of public keys and certificates. The private key infrastructure
involves the protection and secure management of private keys.
18. Public Key Infrastructure (PKI)
Digital Signatures: Digital signatures are created using the private key and can be verified
using the corresponding public key. They ensure the authenticity and integrity of digital
messages.
Secure Sockets Layer (SSL) / Transport Layer Security (TLS): SSL and TLS protocols use
PKI to secure communication over the internet, such as in web browsers for secure
transactions.