Pedro Aravena for Vaultree

Cryptography for beginners

For a long time, human beings have been concerned with protecting information, ensuring that other people do not see the content of the message to be transmitted. Various methods have been created over time to achieve this goal and ensure the confidentiality of information in general.
Cryptography is the study and practice of principles and techniques for secure communication in the presence of third parties.
In practice, that means any technique that ensures a third party does not have access to your information, or cannot read or understand the true meaning of the message.

Principles

Until recently, cryptography was synonymous with encryption, which is the process of converting plain text to unintelligible text (ciphertext). Today, it has more goals and principles:

Confidentiality: only the authorized recipient of the message is able to extract the content and understand the message. In a simple analogy, it's like a safe. Only those who have the key have access to the contents inside the safe;

Integrity: the recipient can verify whether the message has been changed during its transmission. This ensures that someone malicious does not send some correct but old message that is no longer valid. The recipient will be able to open the message and verify its content to see whether it is still valid;

Authenticity: the recipient is able to verify that the message was actually sent by the person claiming to have sent it. It's like signing a contract or a check;

Non-repudiation (irreversibility): the sender of the message cannot deny authorship of the message sent. That is, once the message is published or sent, the sender cannot retract it or claim not to have sent it, since only the sender has the knowledge or the key needed to generate the message.

It is worth highlighting that not all systems or algorithms cover all these principles at the same time, and that most applications need to combine more than one algorithm to meet all requirements.

Encryption Techniques
There are several encryption techniques (and hence algorithms) that are used today, but the main ones are: secret key cryptography, public key cryptography and hashing. We'll talk about each of them below.

1. Secret Key Encryption
Also known as symmetric encryption. This type of encryption uses only one key to both encrypt and decrypt a message, hence the symmetric name. Thus, both parties must have a copy of the key in order to exchange the message.

This mode is used for the confidentiality principle. Its algorithms come in 2 types:

Block: the message is encrypted in blocks of a specific size. Examples: DES, AES, etc.

Stream: the message is encrypted byte by byte. Examples: RC4, Salsa20, etc.

Because the same key is used at both ends of the process, it must be securely shared between the parties. This can cause problems if not done carefully.

2. Public key encryption
In public key cryptography, also known as asymmetric cryptography, two different keys are used in the process, one for encryption and one for decryption. The key used for encryption is also known as the public key and can normally be known by anyone. The key used to decrypt is known as a private key and is kept secret by only one party.

This mode is used for confidentiality and authenticity principles. For the case of authenticating (or signing) a message, the order is reversed. The private key is used to sign the message, while the public key is used to verify it.
This mode is also used for secure symmetric key exchange. A good example of this is SSL (used in HTTPS), which uses symmetric and asymmetric cryptography together to encrypt and authenticate a website.

3. Hashing
This technique does not involve any keys. It produces a value of fixed size that depends on the message. Any small change in the message (even a single bit) causes the final value to change drastically.

This mode is used to verify the integrity of the sent message, as it works as a fingerprint of the message to be sent. The hash is a one-way function, that is, it is not possible to recover the original message from only the final value.
Examples of algorithms: MD5, SHA, Whirlpool, etc.
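
The fingerprint behaviour described above, as an added example that is not part of the original article: it measures how many output bits change for a one-bit input change, and shows that an unkeyed hash only proves integrity when the recipient gets it from a trusted place, while a keyed hash (HMAC) cannot be recomputed without the key. SHA-256, the sample messages and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def fingerprint(message: bytes) -> str:
    """Unkeyed SHA-256 hash: always 64 hex characters, whatever the input size."""
    return hashlib.sha256(message).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits (out of 256) that differ between two messages."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed fingerprint (HMAC-SHA256): computing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hash_is_valid(message: bytes, attached_hash: str) -> bool:
    return hmac.compare_digest(fingerprint(message), attached_hash)


def tag_is_valid(key: bytes, message: bytes, attached_tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), attached_tag)


# Constructed sample messages: the last byte differs by one bit (0x30 vs 0x31).
ORIGINAL = b"pay 100 to account 1230"
CHANGED = b"pay 100 to account 1231"
KEY = secrets.token_bytes(32)  # assumption: known to sender and recipient only


def recipient_view() -> dict:
    """What the recipient concludes when CHANGED arrives instead of ORIGINAL."""
    return {
        # Hash obtained separately (e.g. published by the sender): change detected.
        "trusted_hash_accepts": hash_is_valid(CHANGED, fingerprint(ORIGINAL)),
        # Hash travelling with the message: whoever changed it can recompute it.
        "attached_hash_accepts": hash_is_valid(CHANGED, fingerprint(CHANGED)),
        # Tag made without KEY (here with an all-zero key) does not verify.
        "forged_tag_accepts": tag_is_valid(KEY, CHANGED, make_tag(b"\x00" * 32, CHANGED)),
        "genuine_tag_accepts": tag_is_valid(KEY, ORIGINAL, make_tag(KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    print(differing_bits(ORIGINAL, CHANGED), "of 256 bits differ;", recipient_view())
```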

Why 3 methods?
Why use 3 methods? Why not just use one that covers all the basics? The answer is that each technique is optimized for a specific application. In real applications, to ensure all principles, a combination of the 3 techniques is used. For example, you can use symmetric mode to encrypt the message (confidentiality) and send along with it the hash (integrity) and a signature (authenticity) made with the asymmetric mode.
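
The combination described above, as an added example that is not part of the original article: the sender encrypts with a shared symmetric key, hashes the result and signs that hash with a private key, and the recipient checks all three before trusting the plaintext. It assumes the third-party `cryptography` package for Python, picks AES-256-GCM and Ed25519 as the algorithms, and assumes the shared key was already exchanged securely; all function and variable names are hypothetical.

```python
import hashlib
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def send(shared_key: bytes, signing_key: Ed25519PrivateKey, plaintext: bytes) -> dict:
    """Sender: encrypt (symmetric), hash, then sign the hash (asymmetric)."""
    nonce = os.urandom(12)  # 96-bit nonce; must never repeat under the same key
    ciphertext = AESGCM(shared_key).encrypt(nonce, plaintext, None)
    digest = hashlib.sha256(nonce + ciphertext).digest()
    return {"nonce": nonce, "ciphertext": ciphertext,
            "signature": signing_key.sign(digest)}


def receive(shared_key: bytes, sender_public: Ed25519PublicKey, packet: dict) -> bytes:
    """Recipient: recompute the hash, verify the signature on it, then decrypt."""
    digest = hashlib.sha256(packet["nonce"] + packet["ciphertext"]).digest()
    sender_public.verify(packet["signature"], digest)  # raises InvalidSignature
    # AES-GCM also checks its own authentication tag while decrypting.
    return AESGCM(shared_key).decrypt(packet["nonce"], packet["ciphertext"], None)


def is_rejected(shared_key: bytes, sender_public: Ed25519PublicKey, packet: dict) -> bool:
    """True when verification fails, so the packet must be discarded."""
    try:
        receive(shared_key, sender_public, packet)
    except InvalidSignature:
        return True
    return False


# Constructed sample run. Assumption: SHARED_KEY was already exchanged securely.
SHARED_KEY = AESGCM.generate_key(bit_length=256)
SENDER_KEY = Ed25519PrivateKey.generate()
PACKET = send(SHARED_KEY, SENDER_KEY, b"meet at noon")

# Same packet with one ciphertext bit flipped in transit.
_ct = PACKET["ciphertext"]
ALTERED = dict(PACKET, ciphertext=bytes([_ct[0] ^ 1]) + _ct[1:])

if __name__ == "__main__":
    print(receive(SHARED_KEY, SENDER_KEY.public_key(), PACKET))
    print(is_rejected(SHARED_KEY, SENDER_KEY.public_key(), ALTERED))
    other = Ed25519PrivateKey.generate().public_key()
    print(is_rejected(SHARED_KEY, other, PACKET))
```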

Applications

With the increasing use of the internet and cloud systems, encryption has been increasingly used to secure the principles shown above.

Digital signature: a way of sending documents and assuring the recipient that this document is authentic. Normally, you acquire a private key from an authority and, with that key, you can sign documents. At the other end, the recipient has a public key of the same authority and is able to verify the validity of the signature and, consequently, the authenticity of the document. This often eliminates the use of physical signatures and avoids unnecessary paper printing.

Email encryption: sending emails with sensitive data can be dangerous and easily intercepted by third parties, potentially causing business damage. There are ways to encrypt the data sent, for example using OpenPGP.

Encryption of sensitive data: Saving business-sensitive data (such as passwords or financials) must be done carefully. There are some practices on how to save this safely (like here), which use various techniques shown in this article.

HTTPS/SSL: Right now you are using encryption to read this article. A combination of hashing, encryption and signing is used in the HTTPS protocol, which is present on most websites today (if not, be suspicious). This ensures that the website you are accessing really belongs to whom you expect and that the information transmitted (such as passwords, personal data, etc.) is secure.

Blockchain: This technology has been quite in vogue lately and makes heavy use of cryptography principles to store the data and also verify its authenticity, among other uses.

Conclusion

Encryption has been studied and used by human beings for a long time. With each passing day, as people and data become more connected, greater security and reliability are required for data, both when it is stored and when it is transported by a system.
This article was a brief introduction to the terms used and the main applications in the world. In the next article, we will talk about hash functions and their applications.

At Vaultree we are building an encrypted future. We love sharing valuable information and trends to help you keep your data safe. Sign up to stay in the loop and discuss the hottest trends in cybersec with a team of experts.
