Cryptography is the practice and study of techniques for secure communication in the presence of third parties.
- Wikipedia
Public Key Encryption
Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which are shared widely and private keys which are known only to the owner.
This mechanism accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key.
How it works?
Let's assume we have email privacy program. We denote public key as lock and private key as the key.
- The user creates a lock and the key.
Alice User creates Lock as Public key and Key as Private Key
- The User puts the key in the safe and protects it with a password.
- The user puts the lock in the lockbox.
- The user can encrypt the documents so that only she can read them.
- User's friends would like to send her private messages. To do that they need a copy of User's lock.
- The user sends them a copy of their lock, and they put them in their lockboxes.
- User's friend encrypts his private message with User's lock and sends it to the user.
- On receive mail, the user opens the safe with a password, takes the key out and unlocks the mail.
Bob sends private message using Alice's Lock (Public key) and Alice reads message using her Key (Private Key)
- The user receives locks from his friends to allow the user to send private messages.
- To make it easier for others to send her messages, the user sends her lock to the server.
- Now everyone can get the user's lock from the server and write him private messages.
- Here's how a lock looks.
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----
- Here is how key looks
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----
- Here is how an encrypted message looks.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: This is what your message looks like after encryption.
hQEOA1e+1x6YuUMCEAP/ZpiBldqtbePXGU9t03+G+EEwzlUxDWTx/ZFPTbrcxOJz
115kxBBthc/dJBsYxthelggmsj+G/P4zIw62wRD3pIHPQ8Y/afcMDk7DjVg4g/ul
HmxUJhM5g0KinldtKtsFvXeVjdyVGrkhxyClI76z1wu7J7lzdLBTqGm7RHxEPUgD
/1IpgCDGX6eOyMnSNvtEejy+8Ar02rqDe7QoDPBwO21ug0XRr5kClIi1oo7GhrOJ
iwcSufs07XIq2RAy/TUeoKGgOps/Iy4HsvkJuAJC+nMg5+Br6aPbAykKhg3XJQOX
DDACs5a6VQC3TPAN1z5GF1HqH6AHF+w72uCyZ7Pg4Kjt0lYBWOn2+zkM37yqtdG9
VuETLjrYWZWfjivAh3ZXr4vBnJBzPVc9zbP+yTd3X9sGkuvfi/bS/0p1s+g5pUsn
WHj+WjA5kSnGtpvKSs4Tl+V94oFNWcgIhw==
=7JVQ
-----END PGP MESSAGE-----
Digital Signatures
A digital signature is a mathematical scheme for presenting the authenticity of digital messages or documents.
A valid digital signature offers:
- Authentication:
Who send it? It gives a recipient reason to believe that a known sender created the message. - Non-Repudiation:
We can't deny who sent it. The sender cannot deny having sent the message. - Integrity:
Ensure Message has not tampered and not altered in transit.
How it works?
- The user writes the message to his friend.
- User hashes the message and then encrypt the hash with his private key forming digital signature and send it to his friend.
- User's friend takes User's public key and then decrypt the digital signature, this provides the Message Digest.
- User's friend can hash the message that User sent and compare with the Message Digest to authenticate and ensure integrity.
Cryptographic hash function
A cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography.
It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, that is, a function which is infeasible to invert.
Example:
A cryptographic hash function (specifically SHA-1) at work. A small change in the input (in the word "over") drastically changes the output (digest). This effect is the so-called avalanche effect.
Cryptographic Hash Function
The ideal cryptographic hash function:
- it is deterministic, so the same message always results in the same hash
- it is quick to compute the hash value for any given message
- it is infeasible to generate a message from its hash value except by trying all possible messages
- a small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value
- it is infeasible to find two different messages with the same hash value
Properties
-
Pre-image resistance:
One way function and impossible to determineMessage
fromHash(Message)
-
Second pre-image resistance:
Given a messageMessage1
, infeasible to find messageMessage2
such thatHash(Message1) = Hash(Message2)
-
Collision resistance:
Given any messagesMessage1
andMessage2
, infeasible to find Hash functions such thatHash(Message1) = Hash(Message2)